RHEL-15067 CVE-2020-27792 ghostscript: heap buffer over write vulnerability in GhostScript's lp8000_print_page() in gdevlp8k.c
Resolves: RHEL-15067
parent
df75ada1e2
commit
985ef6b61d
@ -0,0 +1,31 @@
|
||||
From 4f6bc662909ab79e8fbe9822afb36e8a0eafc2b7 Mon Sep 17 00:00:00 2001
|
||||
From: Julian Smith <jules@op59.net>
|
||||
Date: Wed, 6 Nov 2019 12:41:28 +0000
|
||||
Subject: [PATCH] Bug 701844: fixed output buffer size worst case in
|
||||
lp8000_print_page().
|
||||
|
||||
Fixes:
|
||||
./sanbin/gs -dBATCH -dNOPAUSE -dSAFER -dFIXEDMEDIA -sPAPERSIZE=legal -sOutputFile=tmp -sDEVICE=lp8000 ../bug-701844.pdf
|
||||
---
|
||||
devices/gdevlp8k.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/devices/gdevlp8k.c b/devices/gdevlp8k.c
|
||||
index 0a9bc03c8..55af94df0 100644
|
||||
--- a/devices/gdevlp8k.c
|
||||
+++ b/devices/gdevlp8k.c
|
||||
@@ -185,7 +185,10 @@ lp8000_print_page(gx_device_printer *pdev, gp_file *prn_stream)
|
||||
unsigned int report_size;
|
||||
|
||||
byte *buf1 = (byte *)gs_malloc(pdev->memory, in_size, 1, "lp8000_print_page(buf1)");
|
||||
- byte *buf2 = (byte *)gs_malloc(pdev->memory, in_size, 1, "lp8000_print_page(buf2)");
|
||||
+
|
||||
+ /* Worst case for rle compression below is 3 bytes for each 2 bytes of
|
||||
+ input, with extra final byte. */
|
||||
+ byte *buf2 = (byte *)gs_malloc(pdev->memory, in_size * 3 / 2 + 2, 1, "lp8000_print_page(buf2)");
|
||||
byte *in = buf1;
|
||||
byte *out = buf2;
|
||||
|
||||
--
|
||||
2.49.0
|
||||
|
||||
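Review bot: The new `buf2` size rests entirely on the worst-case argument in the added comment. Nothing visible in this hunk makes the RLE loop stop when `out` reaches the end of `buf2`, so a later change to the encoder or a flaw in the 3-for-2 bound would bring the heap overwrite back silently. I would compute the size once into a local, e.g. `out_size = in_size * 3 / 2 + 2;`, pass that to `gs_malloc`, and have the compression loop check `out` against `buf2 + out_size` before each write. The declaration of `in_size` is outside the hunk, so confirm that `in_size * 3` cannot overflow its type for very wide rasters, and that the later release of `buf2` (also outside the hunk) does not depend on the old `in_size` value. `lp8000_print_page` starts before and continues past the lines shown.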
@ -135,6 +135,8 @@ Patch027: 0001-Bug-701949-Add-omitEOD-flag-to-RLE-compressor-and-us.patch
|
||||
Patch028: gs-CVE-2023-46751.patch
|
||||
# RHEL-67046 CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
|
||||
Patch029: 0001-PS-interpreter-check-the-type-of-the-Pattern-Impleme.patch
|
||||
# RHEL-15067 CVE-2020-27792 ghostscript: heap buffer over write vulnerability in GhostScript's lp8000_print_page() in gdevlp8k.c
|
||||
Patch030: 0001-Bug-701844-fixed-output-buffer-size-worst-case-in-lp.patch
|
||||
|
||||
|
||||
# Downstream patches -- these should be always included when doing rebase:
|
||||
@ -478,6 +480,7 @@ done
|
||||
* Tue Apr 15 2025 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-16
|
||||
- RHEL-18396 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
|
||||
- RHEL-67046 CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
|
||||
- RHEL-15067 CVE-2020-27792 ghostscript: heap buffer over write vulnerability in GhostScript's lp8000_print_page() in gdevlp8k.c
|
||||
|
||||
* Mon Oct 14 2024 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-15
|
||||
- fix printing PCL XL on some printers
|
||||
|
||||