Fix CVE-2024-46956
This commit is contained in:
liningjie
parent
ee247a20cb
commit
b3bb4f8ce3
30
backport-CVE-2024-46956.patch
Normal file
30
backport-CVE-2024-46956.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
From ea69a1388245ad959d31c272b5ba66d40cebba2c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Zdenek Hutyra <zhutyra@centrum.cz>
|
||||||
|
Date: Tue, 23 Jul 2024 11:48:39 +0100
|
||||||
|
Subject: [PATCH] PostScript interpreter - fix buffer length check
|
||||||
|
|
||||||
|
Bug 707895
|
||||||
|
|
||||||
|
See bug report for details.
|
||||||
|
|
||||||
|
CVE-2024-46956
|
||||||
|
---
|
||||||
|
psi/zfile.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/psi/zfile.c b/psi/zfile.c
|
||||||
|
index fe3f7e9..027f412 100644
|
||||||
|
--- a/psi/zfile.c
|
||||||
|
+++ b/psi/zfile.c
|
||||||
|
@@ -440,7 +440,7 @@ file_continue(i_ctx_t *i_ctx_p)
|
||||||
|
if (code == ~(uint) 0) { /* all done */
|
||||||
|
esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
|
||||||
|
return o_pop_estack;
|
||||||
|
- } else if (code > len) { /* overran string */
|
||||||
|
+ } else if (code > len - devlen) { /* overran string */
|
||||||
|
return_error(gs_error_rangecheck);
|
||||||
|
}
|
||||||
|
else if (iodev != iodev_default(imemory)
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
||||||
@ -9,7 +9,7 @@
|
|||||||
|
|
||||||
Name: ghostscript
|
Name: ghostscript
|
||||||
Version: 9.55.0
|
Version: 9.55.0
|
||||||
Release: 12
|
Release: 13
|
||||||
Summary: An interpreter for PostScript and PDF files
|
Summary: An interpreter for PostScript and PDF files
|
||||||
License: AGPLv3+
|
License: AGPLv3+
|
||||||
URL: https://ghostscript.com/
|
URL: https://ghostscript.com/
|
||||||
@ -44,6 +44,7 @@ Patch17: Bug-707510-5-2-The-original-fix-was-overly-aggressive.patch
|
|||||||
|
|
||||||
Patch18: Bug-707510-fix-LIBIDN-usage.patch
|
Patch18: Bug-707510-fix-LIBIDN-usage.patch
|
||||||
Patch19: backport-CVE-2024-46953.patch
|
Patch19: backport-CVE-2024-46953.patch
|
||||||
|
Patch20: backport-CVE-2024-46956.patch
|
||||||
|
|
||||||
BuildRequires: automake gcc
|
BuildRequires: automake gcc
|
||||||
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
|
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
|
||||||
@ -204,6 +205,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
|
|||||||
%{_bindir}/dvipdf
|
%{_bindir}/dvipdf
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 25 2024 liningjie <liningjie@xfusion.com> - 9.55.0-13
|
||||||
|
- Type:CVE
|
||||||
|
- ID:NA
|
||||||
|
- SUG:NA
|
||||||
|
- DECS: Fix CVE-2024-46956
|
||||||
|
|
||||||
* Fri Oct 25 2024 liningjie <liningjie@xfusion.com> - 9.55.0-12
|
* Fri Oct 25 2024 liningjie <liningjie@xfusion.com> - 9.55.0-12
|
||||||
- Type:CVE
|
- Type:CVE
|
||||||
- ID:NA
|
- ID:NA
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user