packages/poppler
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2024-4141

Browse Source 
(cherry picked from commit ffd8a0a5b2c39f78f70ed0b2e866a71a9f4733f1)
This commit is contained in:
lingsheng 2024-09-25 03:28:39 +00:00 committed by openeuler-sync-bot
parent 4bb5f311fe
commit 26d52c9b23
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
backport-CVE-2024-4141.patch Normal file
View File

@ -0,0 +1,36 @@
From 54e89f45560a3e73e172061a5551cf56b049256d Mon Sep 17 00:00:00 2001
From: lingsheng <lingsheng1@h-partners.com>
Date: Tue, 24 Sep 2024 11:34:58 +0000
Subject: [PATCH] fix CVE-2024-4141
Origin:https://bugzilla.suse.com/show_bug.cgi?id=1223375#c3
---
fofi/FoFiType1.cc | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
index a4d82f2..dbb502c 100644
--- a/fofi/FoFiType1.cc
+++ b/fofi/FoFiType1.cc
@@ -212,7 +212,8 @@ void FoFiType1::parse() {
char *line, *line1, *firstLine, *p, *p2;
char buf[256];
char c;
- int n, code, base, i, j;
+ unsigned int code;
+ int n, base, i, j;
char *tokptr;
bool gotMatrix, continueLine;
@@ -304,7 +305,7 @@ void FoFiType1::parse() {
}
++p;
for (p2 = p; *p2 && *p2 != ' ' && *p2 != '\t'; ++p2) ;
- if (code >= 0 && code < 256) {
+ if (code < 256) {
c = *p2;
*p2 = '\0';
gfree(encoding[code]);
--
2.33.0

9
poppler.spec
View File

@ -4,7 +4,7 @@
Summary: PDF rendering library Summary: PDF rendering library
Name: poppler Name: poppler
Version: 0.90.0 Version: 0.90.0
Release: 8 Release: 9
License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
URL: http://poppler.freedesktop.org/ URL: http://poppler.freedesktop.org/
Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@ -24,6 +24,7 @@ Patch6006: backport-CVE-2022-37052.patch
Patch6007: backport-CVE-2022-38349.patch Patch6007: backport-CVE-2022-38349.patch
Patch6008: backport-CVE-2020-36023.patch Patch6008: backport-CVE-2020-36023.patch
Patch6009: backport-CVE-2024-6239.patch Patch6009: backport-CVE-2024-6239.patch
Patch6010: backport-CVE-2024-4141.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@ -223,6 +224,12 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Wed Sep 25 2024 lingsheng <lingsheng1@h-partners.com> - 0.90.0-9
- Type:CVE
- CVE:CVE-2024-4141
- SUG:NA
- DESC:fix CVE-2024-4141
* Tue Jun 25 2024 lingsheng <lingsheng1@h-partners.com> - 0.90.0-8 * Tue Jun 25 2024 lingsheng <lingsheng1@h-partners.com> - 0.90.0-8
- Type:CVE - Type:CVE
- CVE:CVE-2024-6239 - CVE:CVE-2024-6239