1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-17 04:07:06 +00:00

ghostscript: fix CVE-2021-45949

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish
(called from sampled_data_continue and interp).

To apply this CVE-2021-45959 patch,
the check-stack-limits-after-function-evalution.patch should be applied first.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-45949

(From OE-Core rev: 5fb43ed64ae32abe4488f2eb37c1b82f97f83db0)

(From OE-Core rev: 9b0199a1d8ec3c7bbfd2022932d524d61f2c6832)

Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Minjae Kim
2022-02-28 11:38:38 +08:00
committed by Richard Purdie
parent b2bd31b9cc
commit f8d05252d1
3 changed files with 118 additions and 0 deletions
@@ -34,6 +34,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://avoid-host-contamination.patch \
file://mkdir-p.patch \
file://0001-Bug-704342-Include-device-specifier-strings-in-acces.patch \
file://check-stack-limits-after-function-evalution.patch \
file://CVE-2021-45949.patch \
"
SRC_URI = "${SRC_URI_BASE} \