guix/guix
3
5
Fork 0
mirror of git://git.savannah.gnu.org/guix.git synced 2023-12-14 03:33:07 +01:00
Code Issues Releases Wiki Activity

gnu: imagemagick: Fix CVE-2020-27829.

Browse source 
* gnu/packages/patches/imagemagick-CVE-2020-27829.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/imagemagick.scm (source): Add patch.
This commit is contained in:
Mark H Weaver 2021-03-27 08:08:37 -04:00
parent cb3ae2f246
commit bfc69d5e7c
No known key found for this signature in database
GPG key ID: 7CEF29847562C516
3 changed files with 31 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -1220,6 +1220,7 @@ dist_patch_DATA = \
%D%/packages/patches/id3lib-UTF16-writing-bug.patch \
%D%/packages/patches/idris-disable-test.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
%D%/packages/patches/imagemagick-CVE-2020-27829.patch \
%D%/packages/patches/inetutils-hurd.patch \
%D%/packages/patches/inkscape-poppler-0.76.patch \
%D%/packages/patches/intel-xed-fix-nondeterminism.patch \

4
gnu/packages/imagemagick.scm
View file

@ -155,7 +155,9 @@ text, lines, polygons, ellipses and Bézier curves.")
version ".tar.xz"))
(sha256
(base32
"1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b"))))))
"1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b"))
(patches
(search-patches "imagemagick-CVE-2020-27829.patch"))))))
(define-public perl-image-magick
(package

27
gnu/packages/patches/imagemagick-CVE-2020-27829.patch Normal file
View file

@ -0,0 +1,27 @@
We omit the ChangeLog changes below, since they do not apply cleanly.
From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 30 Nov 2020 16:26:59 +0000
Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by
Hardik Shah)
---
ChangeLog | 6 ++++++
coders/tiff.c | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/coders/tiff.c b/coders/tiff.c
index e98f927ab..1eecf17ae 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
extent+=image->columns*sizeof(uint32);
#endif
strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,
- sizeof(*strip_pixels));
+ 2*sizeof(*strip_pixels));
if (strip_pixels == (unsigned char *) NULL)
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
(void) memset(strip_pixels,0,extent*sizeof(*strip_pixels));