We omit the ChangeLog changes below, since they do not apply cleanly. From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001 From: Cristy Date: Mon, 30 Nov 2020 16:26:59 +0000 Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by Hardik Shah) --- ChangeLog | 6 ++++++ coders/tiff.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/coders/tiff.c b/coders/tiff.c index e98f927ab..1eecf17ae 100644 --- a/coders/tiff.c +++ b/coders/tiff.c @@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, extent+=image->columns*sizeof(uint32); #endif strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, - sizeof(*strip_pixels)); + 2*sizeof(*strip_pixels)); if (strip_pixels == (unsigned char *) NULL) ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); b right'>
aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/unzip-alt-iconv-utf8.patch
AgeCommit message (Expand)Author
2021-03-14gnu: unzip: Add patches from Fedora [security fixes]....Non-exhaustively fixes CVE-2016-9844, CVE-2018-1000035, CVE-2018-18384, and CVE-2019-13232. * gnu/packages/patches/unzip-COVSCAN-fix-unterminated-string.patch, gnu/packages/patches/unzip-CVE-2016-9844.patch, gnu/packages/patches/unzip-CVE-2018-1000035.patch, gnu/packages/patches/unzip-CVE-2018-18384.patch, gnu/packages/patches/unzip-case-insensitive.patch, gnu/packages/patches/unzip-alt-iconv-utf8-print.patch, gnu/packages/patches/unzip-alt-iconv-utf8.patch, gnu/packages/patches/unzip-close.patch, gnu/packages/patches/unzip-exec-shield.patch, gnu/packages/patches/unzip-fix-recmatch.patch, gnu/packages/patches/unzip-manpage-fix.patch, gnu/packages/patches/unzip-overflow.patch, gnu/packages/patches/unzip-symlink.patch, gnu/packages/patches/unzip-timestamp.patch, gnu/packages/patches/unzip-valgrind.patch, gnu/packages/patches/unzip-x-option.patch, gnu/packages/patches/unzip-zipbomb-manpage.patch, gnu/packages/patches/unzip-zipbomb-part1.patch, gnu/packages/patches/unzip-zipbomb-part2.patch, gnu/packages/patches/unzip-zipbomb-part3.patch: New patches. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/compression.scm (unzip/fixed): New variable. Apply patches. (unzip)[replacement]: Graft. Léo Le Bouter