fix for CVE-2023-4042
Resolves: rhbz#2228153
This commit is contained in:
parent
f9092f6545
commit
5303b4c6f4
28
ghostscript-9.27-CVE-2023-4042.patch
Normal file
28
ghostscript-9.27-CVE-2023-4042.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 2793769ff107d8d22dadd30c6e68cd781b569550 Mon Sep 17 00:00:00 2001
|
||||
From: Julian Smith <jules@op59.net>
|
||||
Date: Mon, 4 Nov 2019 12:30:33 +0000
|
||||
Subject: [PATCH] Bug 701819: fixed ordering in if expression to avoid
|
||||
out-of-bounds access.
|
||||
|
||||
Fixes:
|
||||
./sanbin/gs -dBATCH -dNOPAUSE -r965 -sOutputFile=tmp -sDEVICE=pcx16 ../bug-701819.pdf
|
||||
---
|
||||
devices/gdevpcx.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/devices/gdevpcx.c b/devices/gdevpcx.c
|
||||
index 1735851d2..91de4abb6 100644
|
||||
--- a/devices/gdevpcx.c
|
||||
+++ b/devices/gdevpcx.c
|
||||
@@ -442,7 +442,7 @@ pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file)
|
||||
byte data = *from;
|
||||
|
||||
from += step;
|
||||
- if (data != *from || from == end) {
|
||||
+ if (from >= end || data != *from) {
|
||||
if (data >= 0xc0)
|
||||
putc(0xc1, file);
|
||||
} else {
|
||||
--
|
||||
2.41.0
|
||||
|
@ -37,7 +37,7 @@
|
||||
Name: ghostscript
|
||||
Summary: Interpreter for PostScript language & PDF
|
||||
Version: 9.27
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
|
||||
License: AGPLv3+
|
||||
|
||||
@ -111,6 +111,7 @@ Patch018: ghostscript-9.27-fix-bbox.patch
|
||||
Patch019: ghostscript-9.27-pdfwrite-Substituted-TTF-CIDFont-CID-hand.patch
|
||||
Patch020: ghostscript-9.27-CVE-2023-28879.patch
|
||||
Patch021: ghostscript-9.27-CVE-2023-38559.patch
|
||||
Patch022: ghostscript-9.27-CVE-2023-4042.patch
|
||||
|
||||
|
||||
# Downstream patches -- these should be always included when doing rebase:
|
||||
@ -451,6 +452,10 @@ done
|
||||
# =============================================================================
|
||||
|
||||
%changelog
|
||||
* Fri Aug 04 2023 Richard Lescak <rlescak@redhat.com> - 9.27-11
|
||||
- fix for CVE-2023-4042
|
||||
- Resolves: rhbz#2228153
|
||||
|
||||
* Fri Aug 04 2023 Richard Lescak <rlescak@redhat.com> - 9.27-10
|
||||
- fix for CVE-2023-38559
|
||||
- Resolves: rhbz#2224371
|
||||
|
Loading…
Reference in New Issue
Block a user