Fix CVE-2024-46951

2024-11-01 09:18:06 +00:00 · 2024-11-01 09:18:06 +00:00 · 850ccb1a4c
commit 850ccb1a4c
parent dff3251f64
2 changed files with 40 additions and 1 deletions
--- a/backport-CVE-2024-46951.patch
+++ b/backport-CVE-2024-46951.patch
@ -0,0 +1,31 @@
+From ada21374f0c90cc3acf7ce0e96302394560c7aee Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Fri, 30 Aug 2024 13:16:39 +0100
+Subject: [PATCH] PS interpreter - check the type of the Pattern Implementation
+
+Bug #707991
+
+See bug report for details.
+
+CVE-2024-46951
+---
+ psi/zcolor.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/psi/zcolor.c b/psi/zcolor.c
+index d4e7a4438..d3384d75d 100644
+--- a/psi/zcolor.c
+++ b/psi/zcolor.c
+@@ -5276,6 +5276,9 @@ static int patterncomponent(i_ctx_t * i_ctx_p, ref *space, int *n)
+             code = array_get(imemory, pImpl, 0, &pPatInst);
+             if (code < 0)
+                 return code;
+
+            if (!r_is_struct(&pPatInst) || (!r_has_stype(&pPatInst, imemory, st_pattern1_instance) && !r_has_stype(&pPatInst, imemory, st_pattern2_instance)))
+                return_error(gs_error_typecheck);
+             cc.pattern = r_ptr(&pPatInst, gs_pattern_instance_t);
+             if (pattern_instance_uses_base_space(cc.pattern))
+                 *n = n_comps;
+-- 
+2.34.1
+
--- a/ghostscript.spec
+++ b/ghostscript.spec
@ -9,7 +9,7 @@

 Name:             ghostscript
 Version:          9.56.1
-Release:          10
+Release:          11
 Summary:          An interpreter for PostScript and PDF files
 License:          AGPLv3+
 URL:              https://ghostscript.com/
@ -66,6 +66,7 @@ Patch116:  Bug-707510-fix-LIBIDN-usage.patch
 Patch117:  fix-CVE-2024-33869-second.patch
 Patch118:   backport-CVE-2024-46953.patch
 Patch119:   backport-CVE-2024-46956.patch
+Patch120:   backport-CVE-2024-46951.patch

 BuildRequires:    automake gcc
 BuildRequires:    adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@ -153,6 +154,7 @@ PDF files using Ghostscript and dvips
 %patch117 -p1
 %patch118 -p1
 %patch119 -p1
+%patch120 -p1

 # Libraries that we already have packaged(see Build Requirements):
 rm -rf cups/libs freetype ijs jbig2dec jpeg lcms2* libpng openjpeg tiff zlib
@ -246,6 +248,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
 %{_bindir}/dvipdf

 %changelog
+* Fri Nov 01 2024 liningjie <liningjie@xfusion.com> - 9.56.1-11
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DECS: Fix CVE-2024-46951
+
 * Fri Oct 25 2024 liningjie <liningjie@xfusion.com> - 9.56.1-10
 - Type:CVE
 - ID:NA