Related: rhbz#1418992 backport CVE-2016-9317 to embedded libwmf gd

libwmf-0.2.8.4-CVE-2016-9317.patch

@@ -0,0 +1,21 @@
+--- libwmf-0.2.8.4/src/extra/gd/gd.c
++++ libwmf-0.2.8.4/src/extra/gd/gd.c
+@@ -65,6 +65,18 @@
+ {
+   int i;
+   gdImagePtr im;
++
++  if (overflow2(sx, sy)) {
++    return NULL;
++  }
++
++  if (overflow2(sizeof (unsigned char *), sy)) {
++    return NULL;
++  }
++  if (overflow2(sizeof (unsigned char), sx)) {
++    return NULL;
++  }
++
+   im = (gdImage *) gdMalloc (sizeof (gdImage));
+   memset (im, 0, sizeof (gdImage));
+   /* Row-major ever since gd 1.3 */

libwmf.spec

@@ -1,7 +1,7 @@
 Summary: Windows MetaFile Library
 Name: libwmf
 Version: 0.2.8.4
-Release: 49%{?dist}
+Release: 50%{?dist}
 Group: System Environment/Libraries
 #libwmf is under the LGPLv2+, however...
 #1. The tarball contains an old version of the urw-fonts under GPL+.
@@ -65,6 +65,8 @@ Patch19: libwmf-0.2.8.4-CVE-2015-4696.patch
 Patch20: libwmf-0.2.8.4-autoheader.patch
 # CVE-2016-9011
 Patch21: libwmf-0.2.8.4-CVE-2016-9011.patch
+# CVE-2016-9317
+Patch22: libwmf-0.2.8.4-CVE-2016-9317.patch
 
 Requires: urw-fonts
 Requires: %{name}-lite = %{version}-%{release}
@@ -119,6 +121,7 @@ using libwmf.
 %patch19 -p1 -b .CVE-2015-4696
 %patch20 -p1 -b .autoheader
 %patch21 -p1 -b .CVE-2016-9011
+%patch22 -p1 -b .CVE-2016-9317
 f=README ; iconv -f iso-8859-2 -t utf-8 $f > $f.utf8 ; mv $f.utf8 $f
 
 %build
@@ -180,6 +183,9 @@ sed -i $RPM_BUILD_ROOT%{_datadir}/libwmf/fonts/fontmap -e 's#libwmf/fonts#fonts/
 
 
 %changelog
+* Wed Feb 08 2017 Caolán McNamara <caolanm@redhat.com> - 0.2.8.4-50
+- CVE-2016-9317
+
 * Wed Oct 26 2016 Caolán McNamara <caolanm@redhat.com> - 0.2.8.4-49
 - Resolves: rhbz#1388451 (CVE-2016-9011) check max claimed record len
             against max seekable position