Fix CVE-2024-46956

2024-10-25 18:37:39 +08:00 · 2024-10-25 18:37:39 +08:00 · b3bb4f8ce3
commit b3bb4f8ce3
parent ee247a20cb
2 changed files with 38 additions and 1 deletions
--- a/backport-CVE-2024-46956.patch
+++ b/backport-CVE-2024-46956.patch
@ -0,0 +1,30 @@
+From ea69a1388245ad959d31c272b5ba66d40cebba2c Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Tue, 23 Jul 2024 11:48:39 +0100
+Subject: [PATCH] PostScript interpreter - fix buffer length check
+
+Bug 707895
+
+See bug report for details.
+
+CVE-2024-46956
+---
+ psi/zfile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/psi/zfile.c b/psi/zfile.c
+index fe3f7e9..027f412 100644
+--- a/psi/zfile.c
+++ b/psi/zfile.c
+@@ -440,7 +440,7 @@ file_continue(i_ctx_t *i_ctx_p)
+         if (code == ~(uint) 0) {    /* all done */
+             esp -= 5;               /* pop proc, pfen, devlen, iodev , mark */
+             return o_pop_estack;
+-        } else if (code > len) {      /* overran string */
+        } else if (code > len - devlen) {      /* overran string */
+             return_error(gs_error_rangecheck);
+         }
+         else if (iodev != iodev_default(imemory)
+-- 
+2.27.0
+
--- a/ghostscript.spec
+++ b/ghostscript.spec
@ -9,7 +9,7 @@

 Name:             ghostscript
 Version:          9.55.0
-Release:          12
+Release:          13
 Summary:          An interpreter for PostScript and PDF files
 License:          AGPLv3+
 URL:              https://ghostscript.com/
@ -44,6 +44,7 @@ Patch17:  Bug-707510-5-2-The-original-fix-was-overly-aggressive.patch

 Patch18:  Bug-707510-fix-LIBIDN-usage.patch
 Patch19:   backport-CVE-2024-46953.patch
+Patch20:   backport-CVE-2024-46956.patch

 BuildRequires:    automake gcc
 BuildRequires:    adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@ -204,6 +205,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %{_bindir}/dvipdf

 %changelog
+* Fri Oct 25 2024 liningjie <liningjie@xfusion.com> - 9.55.0-13
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DECS: Fix CVE-2024-46956
+
 * Fri Oct 25 2024 liningjie <liningjie@xfusion.com> - 9.55.0-12
 - Type:CVE
 - ID:NA