diff options
| author | Leo Famulari <leo@famulari.name> | 2016-08-27 17:31:52 -0400 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2016-08-27 17:35:21 -0400 |
| commit | 6bd9a3432c796b0affaa7a1d5516963847b37689 (patch) | |
| tree | fe3f42a46b0f25651671b7223771710edd4cd345 /gnu/packages/patches/mupdf-CVE-2016-6525.patch | |
| parent | b47f7510f032b795c60b1fa6628562e9f62044e4 (diff) | |
gnu: mupdf: Fix CVE-2016-{6265,6525}.
* gnu/packages/patches/mupdf-CVE-2016-6265.patch,
gnu/packages/patches/mupdf-CVE-2016-6525.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/pdf.scm (mupdf): Use them.
Diffstat (limited to 'gnu/packages/patches/mupdf-CVE-2016-6525.patch')
| -rw-r--r-- | gnu/packages/patches/mupdf-CVE-2016-6525.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/mupdf-CVE-2016-6525.patch b/gnu/packages/patches/mupdf-CVE-2016-6525.patch new file mode 100644 index 0000000000..370af5ade6 --- /dev/null +++ b/gnu/packages/patches/mupdf-CVE-2016-6525.patch @@ -0,0 +1,21 @@ +Fix CVE-2016-6525 (heap overflow in pdf_load_mesh_params()). + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6525 +https://security-tracker.debian.org/tracker/CVE-2016-6525 + +Patch copied from upstream source repository: +http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e + +diff --git a/source/pdf/pdf-shade.c b/source/pdf/pdf-shade.c +index 7815b3c..6e25efa 100644 +--- a/source/pdf/pdf-shade.c ++++ b/source/pdf/pdf-shade.c +@@ -206,7 +206,7 @@ pdf_load_mesh_params(fz_context *ctx, pdf_document *doc, fz_shade *shade, pdf_ob + obj = pdf_dict_get(ctx, dict, PDF_NAME_Decode); + if (pdf_array_len(ctx, obj) >= 6) + { +- n = (pdf_array_len(ctx, obj) - 4) / 2; ++ n = fz_mini(FZ_MAX_COLORS, (pdf_array_len(ctx, obj) - 4) / 2); + shade->u.m.x0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 0)); + shade->u.m.x1 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 1)); + shade->u.m.y0 = pdf_to_real(ctx, pdf_array_get(ctx, obj, 2)); |