From 76e8566c1b3c4876d649e712a5c8c473fd48d134 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Fri, 14 Oct 2016 11:28:21 +0300 Subject: gnu: freeimage: Fix CVE-2016-5684. * gnu/packages/image.scm (freeimage)[source]: Add patch. * gnu/packages/patches/freeimage-CVE-2016-5684.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/packages/patches/freeimage-CVE-2016-5684.patch | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 gnu/packages/patches/freeimage-CVE-2016-5684.patch (limited to 'gnu/packages/patches/freeimage-CVE-2016-5684.patch') diff --git a/gnu/packages/patches/freeimage-CVE-2016-5684.patch b/gnu/packages/patches/freeimage-CVE-2016-5684.patch new file mode 100644 index 0000000000..2fc02d7b0d --- /dev/null +++ b/gnu/packages/patches/freeimage-CVE-2016-5684.patch @@ -0,0 +1,34 @@ +From: Debian Science Maintainers + +Date: Mon, 10 Oct 2016 08:22:44 +0100 +Subject: CVE-2016-5684 + +--- + Source/FreeImage/PluginXPM.cpp | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/Source/FreeImage/PluginXPM.cpp b/Source/FreeImage/PluginXPM.cpp +index a698321..cc7bd07 100644 +--- a/Source/FreeImage/PluginXPM.cpp ++++ b/Source/FreeImage/PluginXPM.cpp +@@ -181,6 +181,11 @@ Load(FreeImageIO *io, fi_handle handle, int page, int flags, void *data) { + } + free(str); + ++ // check info string ++ if((width <= 0) || (height <= 0) || (colors <= 0) || (cpp <= 0)) { ++ throw "Improperly formed info string"; ++ } ++ + if (colors > 256) { + dib = FreeImage_AllocateHeader(header_only, width, height, 24, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK); + } else { +@@ -193,7 +198,7 @@ Load(FreeImageIO *io, fi_handle handle, int page, int flags, void *data) { + FILE_RGBA rgba; + + str = ReadString(io, handle); +- if(!str) ++ if(!str || (strlen(str) < (size_t)cpp)) + throw "Error reading color strings"; + + std::string chrs(str,cpp); //create a string for the color chars using the first cpp chars -- cgit v1.2.3