mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
python3-pillow: fix CVE-2026-40192
Backport commit[1] which fixes this vulnerability as mentioned NVD report in [2]. [1] https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-40192 [3] https://security-tracker.debian.org/tracker/CVE-2026-40192 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
committed by
Anuj Mittal
parent
955189fbcb
commit
fdf83ebd28
@@ -0,0 +1,50 @@
|
|||||||
|
From 3cb854e8b2bab43f40e342e665f9340d861aa628 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
|
||||||
|
Date: Wed, 1 Apr 2026 00:02:08 +0300
|
||||||
|
Subject: [PATCH] Only read as much data from gzip-decompressed data as
|
||||||
|
necessary (#9521)
|
||||||
|
|
||||||
|
CVE: CVE-2026-40192
|
||||||
|
Upstream-Status: Backport [https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628]
|
||||||
|
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
||||||
|
---
|
||||||
|
src/PIL/FitsImagePlugin.py | 23 ++++++++++++-----------
|
||||||
|
1 file changed, 12 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/PIL/FitsImagePlugin.py b/src/PIL/FitsImagePlugin.py
|
||||||
|
index 071918925..7791adc50 100644
|
||||||
|
--- a/src/PIL/FitsImagePlugin.py
|
||||||
|
+++ b/src/PIL/FitsImagePlugin.py
|
||||||
|
@@ -124,17 +124,18 @@ class FitsGzipDecoder(ImageFile.PyDecoder):
|
||||||
|
|
||||||
|
def decode(self, buffer):
|
||||||
|
assert self.fd is not None
|
||||||
|
- value = gzip.decompress(self.fd.read())
|
||||||
|
-
|
||||||
|
- rows = []
|
||||||
|
- offset = 0
|
||||||
|
- number_of_bits = min(self.args[0] // 8, 4)
|
||||||
|
- for y in range(self.state.ysize):
|
||||||
|
- row = bytearray()
|
||||||
|
- for x in range(self.state.xsize):
|
||||||
|
- row += value[offset + (4 - number_of_bits) : offset + 4]
|
||||||
|
- offset += 4
|
||||||
|
- rows.append(row)
|
||||||
|
+ with gzip.open(self.fd) as fp:
|
||||||
|
+ value = fp.read(self.state.xsize * self.state.ysize * 4)
|
||||||
|
+
|
||||||
|
+ rows = []
|
||||||
|
+ offset = 0
|
||||||
|
+ number_of_bits = min(self.args[0] // 8, 4)
|
||||||
|
+ for y in range(self.state.ysize):
|
||||||
|
+ row = bytearray()
|
||||||
|
+ for x in range(self.state.xsize):
|
||||||
|
+ row += value[offset + (4 - number_of_bits) : offset + 4]
|
||||||
|
+ offset += 4
|
||||||
|
+ rows.append(row)
|
||||||
|
self.set_as_raw(bytes([pixel for row in rows[::-1] for pixel in row]))
|
||||||
|
return -1, 0
|
||||||
|
|
||||||
|
--
|
||||||
|
2.50.1
|
||||||
|
|
||||||
@@ -9,6 +9,7 @@ SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https
|
|||||||
file://0001-support-cross-compiling.patch \
|
file://0001-support-cross-compiling.patch \
|
||||||
file://run-ptest \
|
file://run-ptest \
|
||||||
file://CVE-2026-25990.patch \
|
file://CVE-2026-25990.patch \
|
||||||
|
file://CVE-2026-40192.patch \
|
||||||
"
|
"
|
||||||
SRCREV = "5c89d88eee199ba53f64581ea39b6a1bc52feb1a"
|
SRCREV = "5c89d88eee199ba53f64581ea39b6a1bc52feb1a"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user