Compare commits

...

No commits in common. "c8" and "c8-beta" have entirely different histories.
c8 ... c8-beta

2 changed files with 1 additions and 41 deletions

View File

@ -1,34 +0,0 @@
From 3e8d3382937e0c2891478f3a58bd225de3a53ba5 Mon Sep 17 00:00:00 2001
From: Gabriele Barbero <barbero.gabriele03@gmail.com>
Date: Fri, 5 Dec 2025 00:20:22 +0100
Subject: [PATCH] ZDI-CAN-28266: guard against buffer overflow
In rgbe_read_new_rle we check whether there is still space in the buffer,
but we do not verify that the run length fits within the remaining capacity.
This can lead to a buffer overflow. This patch adds a check to ensure that
the run length does not exceed the available space.
---
libs/rgbe/rgbe.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libs/rgbe/rgbe.c b/libs/rgbe/rgbe.c
index 890eb64..8f29778 100644
--- a/libs/rgbe/rgbe.c
+++ b/libs/rgbe/rgbe.c
@@ -650,6 +650,13 @@ rgbe_read_new_rle (const rgbe_file *file,
data++;
+ /* Check if there's enought space in the buffer to avoid OOB */
+ if (length > (pixels + RGBE_NUM_RGBE * linesize - pixoffset[component]) / RGBE_NUM_RGBE)
+ {
+ g_warning ("Buffer overflow detected.");
+ return FALSE;
+ }
+
/* A compressed run */
if (rle)
{
--
2.52.0

View File

@ -16,7 +16,7 @@
Summary: A graph based image processing framework Summary: A graph based image processing framework
Name: gegl Name: gegl
Version: 0.2.0 Version: 0.2.0
Release: 40%{?dist} Release: 39%{?dist}
# Compute some version related macros # Compute some version related macros
# Ugly hack, you need to get your quoting backslashes/percent signs straight # Ugly hack, you need to get your quoting backslashes/percent signs straight
@ -37,8 +37,6 @@ Patch4: gegl-0.2.0-linker-flags.patch
Patch5: gegl-0.2.0-libopenraw.patch Patch5: gegl-0.2.0-libopenraw.patch
Patch6: gegl-0.2.0-ppc64-rand-fix.patch Patch6: gegl-0.2.0-ppc64-rand-fix.patch
Patch7: gegl-build-without-exiv2.patch Patch7: gegl-build-without-exiv2.patch
# https://github.com/GNOME/gegl/commit/d32f1badb4bde1d6e8137f687d9ee1195768d4ed
Patch8: gegl-0.2.0-CVE-2026-2050.patch
BuildRequires: asciidoc BuildRequires: asciidoc
BuildRequires: babl-devel >= 0.1.10 BuildRequires: babl-devel >= 0.1.10
BuildRequires: cairo-devel BuildRequires: cairo-devel
@ -222,10 +220,6 @@ make check
%{_libdir}/pkgconfig/%{name}-%{apiver}.pc %{_libdir}/pkgconfig/%{name}-%{apiver}.pc
%changelog %changelog
* Thu Jun 25 2026 RHEL Packaging Agent <redhat-ymir-agent@redhat.com> - 0.2.0-40
- Fix buffer overflow in rgbe_read_new_rle() (CVE-2026-2050)
Resolves: RHEL-188260
* Mon Nov 04 2019 Jan Grulich <jgrulich@redhat.com> - 0.2.0-39 * Mon Nov 04 2019 Jan Grulich <jgrulich@redhat.com> - 0.2.0-39
- Build without exiv2 - Build without exiv2
Resolves: bz#1767748 Resolves: bz#1767748