mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
imagemagick: patch CVE-2022-1115
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-1115 Pick the patch referenced in the NVD report. Tested successfully against the PoC described in the related Github issue[1]. [1]: https://github.com/ImageMagick/ImageMagick/issues/4974 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
@@ -0,0 +1,25 @@
|
|||||||
|
From 0d8ca198fd90d882e524a3bc2eed55aff5c737c1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Cristy <urban-warrior@imagemagick.org>
|
||||||
|
Date: Tue, 22 Mar 2022 20:11:27 -0400
|
||||||
|
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/4974
|
||||||
|
|
||||||
|
CVE: CVE-2022-1115
|
||||||
|
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
coders/tiff.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/coders/tiff.c b/coders/tiff.c
|
||||||
|
index d8e9a8953..c3767c8c3 100644
|
||||||
|
--- a/coders/tiff.c
|
||||||
|
+++ b/coders/tiff.c
|
||||||
|
@@ -1993,7 +1993,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
|
||||||
|
number_pixels=(MagickSizeType) columns*rows;
|
||||||
|
if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
|
||||||
|
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
|
||||||
|
- extent=TIFFTileSize(tiff);
|
||||||
|
+ extent=4*MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
|
||||||
|
#if defined(TIFF_VERSION_BIG)
|
||||||
|
extent+=columns*sizeof(uint64);
|
||||||
|
#else
|
||||||
@@ -45,6 +45,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
|
|||||||
file://0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch \
|
file://0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch \
|
||||||
file://0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch \
|
file://0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch \
|
||||||
file://0011-ImageMagick-Fix-CVE-2023-34151.patch \
|
file://0011-ImageMagick-Fix-CVE-2023-34151.patch \
|
||||||
|
file://CVE-2022-1115.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
|
SRCREV = "35b4991eb0939a327f3489988c366e21068b0178"
|
||||||
|
|||||||
Reference in New Issue
Block a user