Resolves BZ235075
parent
479b37a13f
commit
b65014a0f8
37
ImageMagick-6.2.8-CVE-2007-1797.patch
Normal file
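--- a/ImageMagick-6.2.8-CVE-2007-1797.patch
+++ b/ImageMagick-6.2.8-CVE-2007-1797.patch
@@ -0,0 +1,37 @@
+--- ImageMagick/coders/dcm.c.orig 2007-04-03 18:27:57.000000000 +0200
++++ ImageMagick/coders/dcm.c 2007-04-03 18:31:16.000000000 +0200
+@@ -2902,6 +2902,8 @@ static Image *ReadDCMImage(const ImageIn
+{
+data=(unsigned char *)
+AcquireMagickMemory((size_t) quantum*(length+1));
++ if (length > ((~0UL)/quantum))
++ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+if (data == (unsigned char *) NULL)
+ThrowReaderException(ResourceLimitError,
+"MemoryAllocationFailed");
+--- ImageMagick/coders/xwd.c.orig 2007-04-03 19:21:18.000000000 +0200
++++ ImageMagick/coders/xwd.c 2007-04-03 19:24:36.000000000 +0200
+@@ -236,7 +236,9 @@ static Image *ReadXWDImage(const ImageIn
+if (header.header_size < sz_XWDheader)
+ThrowReaderException(CorruptImageError,"CorruptImage");
+length=(size_t) header.header_size-sz_XWDheader;
+- comment=(char *) AcquireMagickMemory(length+MaxTextExtent);
++ if (length > ((~0UL)/sizeof(*comment)))
++ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
++ comment=(char *) AcquireMagickMemory((length+1)*sizeof(*comment));
+if (comment == (char *) NULL)
+ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+count=ReadBlob(image,length,(unsigned char *) comment);
+@@ -278,8 +281,10 @@ static Image *ReadXWDImage(const ImageIn
+XWDColor
+color;
+
+- colors=(XColor *)
+- AcquireMagickMemory((size_t) header.ncolors*sizeof(*colors));
++ length=(size_t) header.ncolors;
++ if (length > ((~0UL)/sizeof(*colors)))
++ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
++ colors=(XColor *) AcquireMagickMemory(length*sizeof(*colors));
+if (colors == (XColor *) NULL)
+ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+for (i=0; i < (long) header.ncolors; i++)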
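Review bot: In the dcm.c hunk of the added patch, the overflow check sits after the `AcquireMagickMemory((size_t) quantum*(length+1))` call, so a product that may already have wrapped is passed to the allocator before the check throws; whether that buffer is released on the throw path is not visible here. The comparison is also off by one: it tests `length` while the request uses `length+1`, so `length == (~0UL)/quantum` passes the check and the product can still wrap. I would move the two added lines above `data=(unsigned char *)` and tighten the test to `if (length >= ((~0UL)/quantum))`. The xwd.c comment allocation has the same off-by-one shape: `sizeof(*comment)` is 1, so where `size_t` is no wider than `unsigned long` the test `length > ((~0UL)/sizeof(*comment))` can never be true, while the request is `(length+1)*sizeof(*comment)`. Both ReadDCMImage and ReadXWDImage extend beyond the hunks shown, so the surrounding use of these buffers should be confirmed against the full files.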
@ -9,7 +9,7 @@ Version: %{VER}.%{Patchlevel}
|
||||
%else
|
||||
Version: %{VER}
|
||||
%endif
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: freeware
|
||||
Group: Applications/Multimedia
|
||||
%if "%{Patchlevel}" != ""
|
||||
@ -22,6 +22,9 @@ Patch1: ImageMagick-6.2.1-local_doc.patch
|
||||
Patch2: ImageMagick-6.2.8-multilib.patch
|
||||
Patch3: ImageMagick-6.3.2-perl-parallel-build.patch
|
||||
Patch4: ImageMagick-6.3.2-perl-liblink.patch
|
||||
# 235075
|
||||
Patch5: ImageMagick-6.2.8-CVE-2007-1797.patch
|
||||
|
||||
|
||||
Url: http://www.imagemagick.org/
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-root
|
||||
@ -122,7 +125,7 @@ however.
|
||||
%patch2 -p1 -b .multilib
|
||||
%patch3 -p1 -b .perl-build
|
||||
%patch4 -p1 -b .perl-link
|
||||
|
||||
%patch5 -p1 -b .cve-2007-1797
|
||||
|
||||
%build
|
||||
%configure --enable-shared \
|
||||
@ -258,6 +261,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
|
||||
|
||||
%changelog
|
||||
* Thu Apr 5 2007 Norm Murray <nmurray@redhat.com> 6.3.2.9-3.fc7
|
||||
- heap overflows (#235075, CVE-2007-1797)
|
||||
|
||||
* Fri Mar 30 2007 Norm Murray <nmurray@redhat.com> 6.3.2.9-2.fc7
|
||||
- perlmagick build fix (#231259)
|
||||
|
||||
|