diff --git a/CVE-2017-14520.patch b/CVE-2017-14520.patch
new file mode 100644
index 0000000..f71ff53
--- /dev/null
+++ b/CVE-2017-14520.patch
@@ -0,0 +1,24 @@
+From 504b3590182175390f474657a372e78fb1508262 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid
+Date: Thu, 14 Sep 2017 19:14:23 +0200
+Subject: Splash::scaleImage: Do not try to scale if srcHeight or srcWidth are
+ < 1
+
+Bug #102719
+
+diff --git a/splash/Splash.cc b/splash/Splash.cc
+index 39fc7d6..aba7814 100644
+--- a/splash/Splash.cc
++++ b/splash/Splash.cc
+@@ -4152,7 +4152,7 @@ SplashBitmap *Splash::scaleImage(SplashImageSource src, void *srcData,
+ SplashBitmap *dest;
+
+ dest = new SplashBitmap(scaledWidth, scaledHeight, 1, srcMode, srcAlpha, gTrue, bitmap->getSeparationList());
+- if (dest->getDataPtr() != NULL) {
++ if (dest->getDataPtr() != NULL && srcHeight > 0 && srcWidth > 0) {
+ if (scaledHeight < srcHeight) {
+ if (scaledWidth < srcWidth) {
+ scaleImageYdXd(src, srcData, srcMode, nComps, srcAlpha,
+--
+cgit v0.10.2
+
diff --git a/poppler.spec b/poppler.spec
index 59580ac..4797d77 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -4,7 +4,7 @@
 Summary: PDF rendering library
 Name: poppler
 Version: 0.59.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL: http://poppler.freedesktop.org/
 Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@@ -15,6 +15,8 @@ Source1: %{name}-test-%{test_date}_%{test_sha}.tar.xz
 Patch0: poppler-0.30.0-rotated-words-selection.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1113172
 Patch1: 0001-workaround-a-bug-in-nss-header.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1494583
+Patch2: CVE-2017-14520.patch
 BuildRequires: gettext-devel
 BuildRequires: pkgconfig(cairo)
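Review bot: In the embedded Splash.cc hunk, the widened guard `srcHeight > 0 && srcWidth > 0` skips the scale helpers, but the visible lines do not show what happens to `dest` on that path; the `if` body and the rest of scaleImage continue outside the hunk. If the function still returns the freshly allocated bitmap when the guard fails, callers receive an image whose pixels were never written, so that path should release `dest` and return NULL, as an allocation failure presumably does; confirm against the full function. The guard also checks only the source dimensions, while `scaledWidth` and `scaledHeight` reach the SplashBitmap constructor unchecked in the lines shown, so it is worth confirming they are validated before this point. A one-line comment on the condition would help the next reader, e.g. `// srcWidth/srcHeight < 1: nothing to scale, and the helpers below must not see such input (bug #102719)`.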
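Review bot: `Patch2: CVE-2017-14520.patch` is declared in the second poppler.spec hunk, but none of the visible hunks touches %prep, so whether the fix is actually applied depends on how the spec applies patches. If %prep lists patches explicitly rather than using `%autosetup`, a matching `%patch2 -p1` line is needed, otherwise release 2 ships without the fix; the %prep section is outside these hunks. Separately, the new %changelog entry in the last hunk reads `Mon Sep 15 2017`, but 15 September 2017 was a Friday, which rpmbuild reports as a bogus date.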
@@ -279,6 +281,9 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_bindir}/poppler-glib-demo
 %changelog
+* Mon Sep 15 2017 Caolán McNamara - 0.59.0-2
+- Resolves: rhbz#1494583 CVE-2017-14520
+
 * Mon Sep 04 2017 David Tardon - 0.59.0-1
 - new upstream release