summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/imagemagick-CVE-2020-27829.patch
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2021-04-16 14:39:48 +0300
committerEfraim Flashner <efraim@flashner.co.il>2021-04-16 14:39:48 +0300
commitfcc39864dba82e14895afbe841091091366c96bc (patch)
tree6e0f05495fd6512051224dc85fd3ab495cbf1a24 /gnu/packages/patches/imagemagick-CVE-2020-27829.patch
parent76fc36d0a7215979bb74c05840f5a4de4ab5ea93 (diff)
parent44f9432705d04c069a8acf9e37e3ad856ac0bf82 (diff)
Merge remote-tracking branch 'origin/master' into core-updates
Conflicts: gnu/local.mk gnu/packages/boost.scm gnu/packages/chez.scm gnu/packages/compression.scm gnu/packages/crates-io.scm gnu/packages/docbook.scm gnu/packages/engineering.scm gnu/packages/gcc.scm gnu/packages/gl.scm gnu/packages/gtk.scm gnu/packages/nettle.scm gnu/packages/python-check.scm gnu/packages/python-xyz.scm gnu/packages/radio.scm gnu/packages/rust.scm gnu/packages/sqlite.scm guix/build-system/node.scm
Diffstat (limited to 'gnu/packages/patches/imagemagick-CVE-2020-27829.patch')
-rw-r--r--gnu/packages/patches/imagemagick-CVE-2020-27829.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/gnu/packages/patches/imagemagick-CVE-2020-27829.patch b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch
new file mode 100644
index 0000000000..b15c1d0879
--- /dev/null
+++ b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch
@@ -0,0 +1,27 @@
+We omit the ChangeLog changes below, since they do not apply cleanly.
+
+
+From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Mon, 30 Nov 2020 16:26:59 +0000
+Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by
+ Hardik Shah)
+
+---
+ ChangeLog | 6 ++++++
+ coders/tiff.c | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index e98f927ab..1eecf17ae 100644
+--- a/coders/tiff.c
++++ b/coders/tiff.c
+@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+ extent+=image->columns*sizeof(uint32);
+ #endif
+ strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,
+- sizeof(*strip_pixels));
++ 2*sizeof(*strip_pixels));
+ if (strip_pixels == (unsigned char *) NULL)
+ ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
+ (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels));
generated by cgit v1.2.3 (git 2.46.2) at 2024-11-10 07:40:09 +0000