Fix CVE-2019-18853 CVE-2020-27755

wang_yue111 2021-04-12 14:27:19 +08:00
parent cc9aa2148b
commit aba61317a6
3 changed files with 89 additions and 1 deletions

45
CVE-2019-18853.patch Normal file

@ -0,0 +1,45 @@
From 0e28baf9bcb3e2e759f51cd0d74750e5e195b1aa Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Wed, 23 Oct 2019 06:01:08 -0400
Subject: [PATCH] [FG-VD-19-136] ImageMagick Convert SVG MacOS Denial Of
Service
---
coders/svg.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/coders/svg.c b/coders/svg.c
index 1fee4b8..26ac308 100644
--- a/coders/svg.c
+++ b/coders/svg.c
@@ -66,9 +66,10 @@
#include "magick/monitor.h"
#include "magick/monitor-private.h"
#include "magick/pixel-accessor.h"
-#include "magick/quantum-private.h"
+#include "magick/option.h"
#include "magick/pixel-private.h"
#include "magick/property.h"
+#include "magick/quantum-private.h"
#include "magick/resource_.h"
#include "magick/static.h"
#include "magick/string_.h"
@@ -3579,9 +3580,14 @@ static Image *ReadSVGImage(const ImageInfo *image_info,ExceptionInfo *exception)
message[n]='\0';
if (n > 0)
{
+ const char
+ *value;
+
svg_info->parser=xmlCreatePushParserCtxt(sax_handler,svg_info,(char *)
message,n,image->filename);
- (void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE);
+ value=GetImageOption(image_info,"svg:xml-parse-huge");
+ if ((value != (char *) NULL) && (IsStringTrue(value) != MagickFalse))
+ (void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE);
while ((n=ReadBlob(image,MaxTextExtent-1,message)) != 0)
{
message[n]='\0';
--
2.30.0
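Review bot: The new `svg:xml-parse-huge` check in ReadSVGImage has no comment saying why XML_PARSE_HUGE is now off by default, and the define is not mentioned anywhere else in this commit. I would add above the `GetImageOption` call: `/* XML_PARSE_HUGE lifts libxml2's built-in parser limits; keep them unless the caller opts in. */`. This is also a behaviour change for users: SVG files that only parsed with the limits lifted will presumably fail now unless the define is set to true, which deserves a line in the spec changelog. Deployments that build defines or command lines from untrusted input should make sure the requester cannot set this define, since that would restore the pre-patch behaviour. The body of ReadSVGImage starts and ends outside the hunk.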

38
CVE-2020-27755.patch Normal file

@ -0,0 +1,38 @@
From 5fa0c9d4376d879855fb154e166c90775530edf4 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Wed, 16 Oct 2019 15:02:11 -0400
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1756
---
magick/image.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/magick/image.c b/magick/image.c
index 90cec87..d462c9e 100644
--- a/magick/image.c
+++ b/magick/image.c
@@ -2703,9 +2703,18 @@ MagickExport MagickBooleanType SetImageExtent(Image *image,const size_t columns,
image->filename);
image->columns=columns;
image->rows=rows;
- if ((image->depth == 0) || (image->depth > (8*sizeof(MagickSizeType))))
- ThrowBinaryImageException(ImageError,"ImageDepthNotSupported",
- image->filename);
+ if (image->depth == 0)
+ {
+ image->depth=8;
+ (void) ThrowMagickException(&image->exception,GetMagickModule(),
+ ImageError,"ImageDepthNotSupported","`%s'",image->filename);
+ }
+ if (image->depth > (8*sizeof(MagickSizeType)))
+ {
+ image->depth=8*sizeof(MagickSizeType);
+ (void) ThrowMagickException(&image->exception,GetMagickModule(),
+ ImageError,"ImageDepthNotSupported","`%s'",image->filename);
+ }
return(SyncImagePixelCache(image,&image->exception));
}
--
2.30.0
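Review bot: In SetImageExtent an out-of-range depth is now rewritten in place (`image->depth=8` and `image->depth=8*sizeof(MagickSizeType)`) and the function carries on to `SyncImagePixelCache`, but nothing in the code says that this deliberately replaces the earlier hard failure. A short comment before the first `if`, e.g. `/* Clamp an unsupported depth and record the exception instead of returning early. */`, would keep a later reader from restoring the early return. The exception is still recorded as `ImageError` while the return value now comes from `SyncImagePixelCache` alone, so callers that test only the return value will not notice the corrected depth; whether that is intended is not visible from this hunk. The second test can also be `else if`, since the first branch has just set the depth to 8. The function starts outside the hunk.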


@ -1,7 +1,7 @@
Name: ImageMagick
Epoch: 1
Version: 6.9.10.67
Release: 20
Release: 21
Summary: Create, edit, compose, or convert bitmap images
License: ImageMagick and MIT
Url: http://www.imagemagick.org/
@ -52,6 +52,8 @@ Patch0042: CVE-2020-27775.patch
Patch0043: CVE-2020-25666-1.patch
Patch0044: CVE-2020-25666-2.patch
Patch0045: CVE-2020-25675.patch
Patch0046: CVE-2020-27755.patch
Patch0047: CVE-2019-18853.patch
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -208,6 +210,9 @@ rm PerlMagick/demo/Generic.ttf
%{_libdir}/pkgconfig/ImageMagick++*
%changelog
* Mon Apr 12 2021 wangyue <wangyue92@huawei.com> - 6.9.10.67-21
- Fix CVE-2019-18853 CVE-2020-27755
* Tue Apr 6 2021 wangxiao <wangxiao65@huawei.com> - 6.9.10.67-20
- Fix CVE-2020-25666 CVE-2020-25675