Fixed buffer overflow when parsing BMP files

Resolves: CVE-2013-1953
2013-06-28 11:11:00 +02:00 · 2013-06-28 11:11:00 +02:00 · b038d5c137
commit b038d5c137
parent d385f9d169
2 changed files with 20 additions and 1 deletions
--- a/autotrace-0.31.1-CVE-2013-1953.patch
+++ b/autotrace-0.31.1-CVE-2013-1953.patch
@ -0,0 +1,12 @@
+diff -up autotrace-0.31.1/input-bmp.c.orig autotrace-0.31.1/input-bmp.c
+--- autotrace-0.31.1/input-bmp.c.orig	2002-10-10 22:44:08.000000000 +0200
+++ autotrace-0.31.1/input-bmp.c	2013-06-28 10:24:58.336056959 +0200
+@@ -166,7 +166,7 @@ input_bmp_reader (at_string filename,
+                                                         /* 36 */
+       Maps = 4;
+     }
+-  else if (Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
+  else if (Bitmap_File_Head.biSize >= 40 && Bitmap_File_Head.biSize <= 64) /* Probably OS/2 2.x */
+     {
+       if (!ReadOK (fd, buffer, Bitmap_File_Head.biSize - 4))
+ 	{
--- a/autotrace.spec
+++ b/autotrace.spec
@ -1,6 +1,6 @@
 Name:           autotrace
 Version:        0.31.1
-Release:        33%{?dist}
+Release:        34%{?dist}
 Summary:        Utility for converting bitmaps to vector graphics
 Group:          Applications/Multimedia
 License:        GPLv2+ and LGPLv2+
@ -9,6 +9,8 @@ Source0:        http://download.sf.net/autotrace/autotrace-0.31.1.tar.gz
 Patch1:         autotrace-0001-Modify-GetOnePixel-usage-to-build-against-current-Im.patch
 Patch2:         autotrace-0002-Fixed-underquoted-AM_PATH_AUTOTRACE-definition.patch
 Patch3:         autotrace-0003-libpng-fix.patch
+# Sent upstream
+Patch4:         autotrace-0.31.1-CVE-2013-1953.patch
 BuildRequires:  ImageMagick-devel
 BuildRequires:  libpng-devel > 2:1.2
 BuildRequires:  libexif-devel
@ -46,6 +48,7 @@ This package contains header files and development libraries for autotrace.
 %patch1 -p1 -b .GetOnePixel
 %patch2 -p1 -b .aclocal18
 %patch3 -p1 -b .libpng15
+%patch4 -p1 -b .CVE-2013-1953

 %build
 %configure
@ -80,6 +83,10 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'


 %changelog
+* Fri Jun 28 2013 Jaroslav Škarvada <jskarvad@redhat.com> - 0.31.1-34
+- Fixed buffer overflow when parsing BMP files
+  Resolves: CVE-2013-1953
+
 * Mon Mar 18 2013 Jon Ciesla <limburgher@gmail.com> - 0.31.1-33
 - ImageMagick rebuild.