packages/djvulibre
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!41 Fix CVE-2021-46310,CVE-2021-46312

Browse Source 
From: @wk333 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
This commit is contained in:
openeuler-ci-bot 2023-09-13 08:01:58 +00:00 committed by Gitee
commit 90fb1b2da6
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
CVE-2021-46310.patch Normal file
View File

@ -0,0 +1,19 @@
Origin: https://sourceforge.net/p/djvu/bugs/345/
Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp
+++ djvulibre-3.5.28/libdjvu/IW44Image.cpp
@@ -676,10 +676,10 @@ IW44Image::Map::image(signed char *img8,
// Allocate reconstruction buffer
short *data16;
size_t sz = bw * bh;
+ if (sz == 0) // bw or bh is zero
+ G_THROW("IW44Image: zero size image (corrupted file?)");
if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
- if (sz == 0)
- G_THROW("IW44Image: zero size image (corrupted file?)");
GPBuffer<short> gdata16(data16,sz);
if (data16 == NULL)
G_THROW("IW44Image: unable to allocate image data");

20
CVE-2021-46312.patch Normal file
View File

@ -0,0 +1,20 @@
Origin: https://sourceforge.net/p/djvu/bugs/344/
Index: djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44EncodeCodec.cpp
+++ djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
@@ -1424,7 +1424,12 @@ IWBitmap::Encode::init(const GBitmap &bm
int h = bm.rows();
int g = bm.get_grays()-1;
signed char *buffer;
- GPBuffer<signed char> gbuffer(buffer,w*h);
+ size_t sz = w * h;
+ if (sz == 0 || g <= 0) // w or h is zero or g is not positive
+ G_THROW("IWBitmap: zero size image (corrupted file?)");
+ if (sz / (size_t)w != (size_t)h) // multiplication overflow
+ G_THROW("IWBitmap: image size exceeds maximum (corrupted file?)");
+ GPBuffer<signed char> gbuffer(buffer,sz);
// Prepare gray level conversion table
signed char bconv[256];
for (i=0; i<256; i++)

7
djvulibre.spec
View File

@ -1,7 +1,7 @@
Name: djvulibre
Summary: An open source (GPL'ed) implementation of DjVu
Version: 3.5.27
Release: 18
Release: 19
License: GPLv2+
URL: http://djvu.sourceforge.net/
Source0: http://downloads.sourceforge.net/djvu/djvulibre-%{version}.tar.gz
@ -18,6 +18,8 @@ Patch9: CVE-2021-32492.patch
Patch10: CVE-2021-32493.patch
Patch11: CVE-2021-3500.patch
Patch12: CVE-2021-3630.patch
Patch13: CVE-2021-46310.patch
Patch14: CVE-2021-46312.patch
Requires(post): xdg-utils
Requires(preun): xdg-utils
@ -101,6 +103,9 @@ rm -f %{_datadir}/icons/hicolor/32x32/apps/djvulibre-djview3.png || :
%{_mandir}/man1/*
%changelog
* Wed Sep 13 2023 wangkai <13474090681@163.com> - 3.5.27-19
- Fix CVE-2021-46310,CVE-2021-46312
* Wed Jul 07 2021 wangyue<wangyue92@huawei.com> - 3.5.27-18
- Fix CVE-2021-3630