packages/LibRaw
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2025-43963

Browse Source 
Signed-off-by: hdliu <dev03108@linx-info.com>
(cherry picked from commit 17fcfecd9864d8df5b75cb8e3472fc78755a516c)
This commit is contained in:
hdliu 2025-04-21 13:15:05 +08:00 committed by openeuler-sync-bot
parent 1f639e8ed5
commit 228066cf1d
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
LibRaw.spec
View File

@ -1,6 +1,6 @@
Name: LibRaw Name: LibRaw
Version: 0.20.2 Version: 0.20.2
Release: 7 Release: 8
Summary: Library for reading RAW files obtained from digital photo cameras Summary: Library for reading RAW files obtained from digital photo cameras
License: BSD and (CDDL-1.0 or LGPLv2) License: BSD and (CDDL-1.0 or LGPLv2)
URL: http://www.libraw.org URL: http://www.libraw.org
@ -13,6 +13,8 @@ Patch0004: fix-use-of-uninitialized-value-in-misc_parsers.patch
Patch0005: CVE-2023-1729.patch Patch0005: CVE-2023-1729.patch
# https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 # https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49
Patch0006: CVE-2021-32142.patch Patch0006: CVE-2021-32142.patch
Patch0007: backport-upstream_CVE-2025-43963.patch
BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg) BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg)
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
Provides: bundled(dcraw) = 9.25 Provides: bundled(dcraw) = 9.25
@ -73,6 +75,9 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o
%exclude %{_docdir}/libraw/* %exclude %{_docdir}/libraw/*
%changelog %changelog
* Mon Apr 21 2025 hdliu <hdliu@linx-info.com> - 0.20.2-8
- Fix CVE-2025-43963
* Tue Mar 26 2024 yaoxin <yao_xin001@hoperun.com> - 0.20.2-7 * Tue Mar 26 2024 yaoxin <yao_xin001@hoperun.com> - 0.20.2-7
- Fix CVE-2021-32142 - Fix CVE-2021-32142

35
backport-upstream_CVE-2025-43963.patch Normal file
View File

@ -0,0 +1,35 @@
From 70769b2a619f9f9bff9cd46285c1626156095411 Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Mon, 21 Apr 2025 12:26:06 +0800
Subject: [PATCH] prevent out-of-buffer access in phase_one_correct()
Signed-off-by: hdliu <hdliu@linx-info.com>
---
src/decoders/load_mfbacks.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/decoders/load_mfbacks.cpp b/src/decoders/load_mfbacks.cpp
index 9d7c051..a8f2c6d 100644
--- a/src/decoders/load_mfbacks.cpp
+++ b/src/decoders/load_mfbacks.cpp
@@ -211,7 +211,7 @@ int LibRaw::phase_one_correct()
off_412 = ftell(ifp) - 38;
}
}
- else if (tag == 0x041f && !qlin_applied)
+ else if (tag == 0x041f && !qlin_applied && ph1.split_col > 0 && ph1.split_col < raw_width && ph1.split_row > 0 && ph1.split_row < raw_height)
{ /* Quadrant linearization */
ushort lc[2][2][16], ref[16];
int qr, qc;
@@ -288,7 +288,7 @@ int LibRaw::phase_one_correct()
}
qmult_applied = 1;
}
- else if (tag == 0x0431 && !qmult_applied)
+ else if (tag == 0x0431 && !qmult_applied && ph1.split_col > 0 && ph1.split_col < raw_width && ph1.split_row > 0 && ph1.split_row < raw_height)
{ /* Quadrant combined */
ushort lc[2][2][7], ref[7];
int qr, qc;
--
2.33.0