Fix CVE-2023-39742

2023-09-15 23:41:18 +08:00 · 2023-09-15 23:41:18 +08:00 · 08694f0665
commit 08694f0665
parent eebe8de150
2 changed files with 29 additions and 1 deletions
--- a/CVE-2023-39742.patch
+++ b/CVE-2023-39742.patch
@ -0,0 +1,24 @@
+Description: Fix segmentation faults due to non correct checking for args
+Author: David Suárez <david.sephirot@gmail.com>
+Origin: vendor
+Bug: https://sourceforge.net/p/giflib/bugs/153/
+Bug-Debian: https://bugs.debian.org/715963
+Bug-Debian: https://bugs.debian.org/715964
+Bug-Debian: https://bugs.debian.org/715967
+Last-Update: 2020-12-20
+
+--- a/getarg.c
+++ b/getarg.c
+@@ -305,6 +305,12 @@
+     int i = 0, ScanRes;
+ 
+     while (!(ISSPACE(CtrlStrCopy[i]))) {
+
+        if ((*argv) == argv_end) {
+            GAErrorToken = Option;
+            return CMD_ERR_NumRead;
+        }
+
+         switch (CtrlStrCopy[i + 1]) {
+           case 'd':    /* Get signed integers. */
+               ScanRes = sscanf(*((*argv)++), "%d",
--- a/giflib.spec
+++ b/giflib.spec
@ -2,7 +2,7 @@

 Name:          giflib
 Version:       5.2.1
-Release:       6
+Release:       7
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
@ -15,6 +15,7 @@ Patch1:giflib_coverity.patch
 # Generate HTML docs with consistent section IDs to avoid multilib difference
 Patch2:giflib_html-docs-consistent-ids.patch
 Patch3:CVE-2022-28506.patch
+Patch4:CVE-2023-39742.patch

 BuildRequires: make xmlto gcc
 provides:      giflib-utils
@ -74,6 +75,9 @@ rm -f %{buildroot}/debugsourcefiles.list
 %{_bindir}/gif*

 %changelog
+* Fri Sep 15 2023 Funda Wang <fundawang@yeah.net> - 5.2.1-7
+- Fix CVE-2023-39742
+
 * Thu Aug 25 2022 caodongxia <caodongxia@h-partners.com> -5.2.1-6
 - Fix rpmbuild error