mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

giflib: patch CVE-2025-31344

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344

Backport the commit that mentions this CVE ID explicitly
in its message.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-04-09 19:09:17 +12:00
committed by Anuj Mittal
parent 6d5a42a5e0
commit 7e723ad1c7
2 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch
+28
View File
@@ -0,0 +1,28 @@
From 949bf7ded2c23449439e2c3e1f63368cf7985800 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Wed, 18 Feb 2026 18:06:50 -0500
Subject: [PATCH] Resolve SourceForge bug #187: CVE-2025-31344
CVE: CVE-2025-31344
Upstream-Status: Backport [https://sourceforge.net/p/giflib/code/ci/7bbe8ea1a595bb7509ffa0a86b076e9b720e85af]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
gif2rgb.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/gif2rgb.c b/gif2rgb.c
index d51226d..4ce2104 100644
--- a/gif2rgb.c
+++ b/gif2rgb.c
@@ -329,6 +329,11 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
GifRow = ScreenBuffer[i];
GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
for (j = 0; j < ScreenWidth; j++) {
+ /* Check if color is within color palete */
+ if (GifRow[j] >= ColorMap->ColorCount) {
+ GIF_EXIT(GifErrorString(
+ D_GIF_ERR_IMAGE_DEFECT));
+ }
ColorMapEntry = &ColorMap->Colors[GifRow[j]];
Buffers[0][j] = ColorMapEntry->Red;
Buffers[1][j] = ColorMapEntry->Green;
meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb
+2 -1
View File
@@ -11,7 +11,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz \
https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/tree/doc/giflib-logo.gif?format=raw;subdir=${BP}/doc;name=logo;downloadfilename=giflib-logo.gif \
file://0001-Makefile-fix-typo-in-soname-argument.patch \
file://CVE-2026-23868.patch \
"
file://CVE-2025-31344.patch \
"
SRC_URI[logo.sha256sum] = "1a54383986adad1521d00e003b4c482c27e8bc60690be944a1f3319c75abc2c9"
SRC_URI[sha256sum] = "be7ffbd057cadebe2aa144542fd90c6838c6a083b5e8a9048b8ee3b66b29d5fb"