Fix CVE-2017-7885: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7885 https://bugs.ghostscript.com/show_bug.cgi?id=697703 Patch copied from upstream source repository: https://git.ghostscript.com/?p=jbig2dec.git;a=commit;h=258290340bb657c9efb44457f717b0d8b49f4aa3 From 258290340bb657c9efb44457f717b0d8b49f4aa3 Mon Sep 17 00:00:00 2001 From: Shailesh Mistry Date: Wed, 3 May 2017 22:06:01 +0100 Subject: [PATCH] Bug 697703: Prevent integer overflow vulnerability. Add extra check for the offset being greater than the size of the image and hence reading off the end of the buffer. Thank you to Dai Ge for finding this issue and suggesting a patch. --- jbig2_symbol_dict.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c index 4acaba9..36225cb 100644 --- a/jbig2_symbol_dict.c +++ b/jbig2_symbol_dict.c @@ -629,7 +629,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx, byte *dst = image->data; /* SumatraPDF: prevent read access violation */ - if (size - jbig2_huffman_offset(hs) < image->height * stride) { + if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) { jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride, size - jbig2_huffman_offset(hs)); jbig2_image_release(ctx, image); -- 2.13.0 >
path: root/gnu/bootloader
AgeCommit message (Expand)Author
2024-05-22bootloader: Add u-boot-starfive-visionfive2-bootloader....Zheng Junjie
2024-03-31bootloader: Add u-boot-qemu-riscv64-bootloader....Zheng Junjie
2024-01-14bootloader: grub: Add support for loading an additional initrd....Tomas Volf
2023-12-22gnu: bootloader: Add orangepi-r1-plus-lts-rk3328 bootloader....Herman Rimm
2023-07-13bootloader: grub: Use rumpdisk-style root when booting with "noide"....Janneke Nieuwenhuizen