mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
fontforge: patch CVE-2025-15275
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15275
Pick the patch that mentions this vulnerability ID explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit edc3b69cef)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
committed by
Anuj Mittal
parent
8854244ac5
commit
22b196ccb5
@@ -0,0 +1,33 @@
|
|||||||
|
From 4c0658f56faf6d64382721a230ee57038035110a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ahmet Furkan Kavraz
|
||||||
|
<55850855+ahmetfurkankavraz@users.noreply.github.com>
|
||||||
|
Date: Fri, 9 Jan 2026 16:58:23 +0100
|
||||||
|
Subject: [PATCH] Fix CVE-2025-15275: Heap buffer overflow in SFD image parsing
|
||||||
|
(#5721)
|
||||||
|
|
||||||
|
Fixes: CVE-2025-15275 | ZDI-25-1189 | ZDI-CAN-28543
|
||||||
|
|
||||||
|
Co-authored-by: Ahmet Furkan Kavraz <kavraz@amazon.com>
|
||||||
|
|
||||||
|
CVE: CVE-2025-15275
|
||||||
|
Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/7195402701ace7783753ef9424153eff48c9af44]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
fontforge/sfd.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/fontforge/sfd.c b/fontforge/sfd.c
|
||||||
|
index cd661584b..4db9feebb 100644
|
||||||
|
--- a/fontforge/sfd.c
|
||||||
|
+++ b/fontforge/sfd.c
|
||||||
|
@@ -3724,6 +3724,10 @@ static ImageList *SFDGetImage(FILE *sfd) {
|
||||||
|
getint(sfd,&image_type);
|
||||||
|
getint(sfd,&bpl);
|
||||||
|
getint(sfd,&clutlen);
|
||||||
|
+ if ( clutlen < 0 || clutlen > 256 ) {
|
||||||
|
+ LogError(_("Invalid clut length %d in sfd file, must be between 0 and 256"), clutlen);
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
gethex(sfd,&trans);
|
||||||
|
image = GImageCreate(image_type,width,height);
|
||||||
|
base = image->list_len==0?image->u.image:image->u.images[0];
|
||||||
@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \
|
|||||||
file://CVE-2024-25081_CVE-2024-25082.patch \
|
file://CVE-2024-25081_CVE-2024-25082.patch \
|
||||||
file://CVE-2025-15279-1.patch \
|
file://CVE-2025-15279-1.patch \
|
||||||
file://CVE-2025-15279-2.patch \
|
file://CVE-2025-15279-2.patch \
|
||||||
|
file://CVE-2025-15275.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
S = "${WORKDIR}/git"
|
S = "${WORKDIR}/git"
|
||||||
|
|||||||
Reference in New Issue
Block a user