Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch()
parent
88a1fee47a
commit
136a74b419
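--- /dev/null
+++ b/gd-2.2.5-heap-based-buffer-overflow.patch
@@ -0,0 +1,28 @@
+From 98b2e94e62d873acbcc6d968f1f97af9749fe021 Mon Sep 17 00:00:00 2001
+From: Ondrej Dubaj <odubaj@redhat.com>
+Date: Tue, 4 Jun 2019 10:54:45 +0200
+Subject: [PATCH] heap based buffer overflow in
+gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch()
+
+---
+src/gd_color_match.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/gd_color_match.c b/src/gd_color_match.c
+index f0842b6..a94a841 100755
+--- a/src/gd_color_match.c
++++ b/src/gd_color_match.c
+@@ -31,8 +31,8 @@ BGD_DECLARE(int) gdImageColorMatch (gdImagePtr im1, gdImagePtr im2)
+return -4; /* At least 1 color must be allocated */
+}
+
+- buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * im2->colorsTotal);
+- memset (buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
++ buf = (unsigned long *)gdMalloc(sizeof(unsigned long) * 5 * gdMaxColors);
++ memset (buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
+
+for (x=0; x < im1->sx; x++) {
+for( y=0; y<im1->sy; y++ ) {
+--
+2.17.1
+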
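Review bot: The result of `gdMalloc` on the added `buf = ...` line is passed straight to `memset` with no NULL check, so an allocation failure becomes a NULL-pointer write instead of an error return. Consider `buf = gdCalloc(5 * gdMaxColors, sizeof *buf);` followed by an early return on `buf == NULL`, using a code that fits the function's existing negative returns; this also removes the duplicated size expression. The switch from `im2->colorsTotal` to `gdMaxColors` deserves a one-line comment such as `/* sized for every palette index, not colorsTotal: buf is presumably indexed by raw pixel values below */`, because nothing on these lines says why the larger bound is needed. The loops that use `buf` continue outside the hunk, so the indexing itself should be confirmed there.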
9
gd.spec
9
gd.spec
@ -9,7 +9,7 @@
|
||||
Summary: A graphics library for quick creation of PNG or JPEG images
|
||||
Name: gd
|
||||
Version: 2.2.5
|
||||
Release: 7%{?prever}%{?short}%{?dist}
|
||||
Release: 8%{?prever}%{?short}%{?dist}
|
||||
Group: System Environment/Libraries
|
||||
License: MIT
|
||||
URL: http://libgd.github.io/
|
||||
@ -26,6 +26,8 @@ Patch1: gd-2.1.0-multilib.patch
|
||||
Patch2: gd-2.2.5-upstream.patch
|
||||
# CVE-2018-1000222 - https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
|
||||
Patch3: gd-2.2.5-gdImageBmpPtr-double-free.patch
|
||||
# CVE-2019-6977
|
||||
Patch4: gd-2.2.5-heap-based-buffer-overflow.patch
|
||||
|
||||
BuildRequires: freetype-devel
|
||||
BuildRequires: fontconfig-devel
|
||||
@ -93,6 +95,7 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
|
||||
%patch1 -p1 -b .mlib
|
||||
%patch2 -p1 -b .upstream
|
||||
%patch3 -p1 -b .gdImageBmpPtr-free
|
||||
%patch4 -p1
|
||||
|
||||
: $(perl config/getver.pl)
|
||||
|
||||
@ -166,6 +169,10 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Nov 01 2019 odubaj@redhat.com - 2.2.5-8
|
||||
- Fixed heap based buffer overflow in gd_color_match.c:gdImageColorMatch() in libgd as used in imagecolormatch()
|
||||
- Resolves: RHBZ#1678104 (CVE-2019-6977)
|
||||
|
||||
* Fri Sep 07 2018 mskalick@redhat.com - 2.2.5-7
|
||||
- Add missing requires to libimagequent-devel
|
||||
|
||||
|
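Review bot: The `# CVE-2019-6977` comment above `Patch4` gives no upstream reference, unlike the `# CVE-2018-1000222 - https://github.com/libgd/libgd/commit/...` line above `Patch3`, so a later maintainer cannot check this backport against its origin. Recording the source in the same form, `# CVE-2019-6977 - UPSTREAM_COMMIT_URL` (placeholder, since the page does not name the upstream commit), keeps the provenance of security patches auditable. As a style point, `%patch4 -p1` omits the `-b` backup suffix that `%patch1` through `%patch3` carry; something like `%patch4 -p1 -b .heap-based-buffer-overflow` would keep the prep section consistent.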