CVE-2017-11403 (#1472214)

8 years ago · 61fd1868ff
parent 246183ed64
commit 61fd1868ff
2 changed files with 30 additions and 1 deletions
--- a/GraphicsMagick-CVE-2017-11403.patch
+++ b/GraphicsMagick-CVE-2017-11403.patch
@ -0,0 +1,24 @@
+
+# HG changeset patch
+# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
+# Date 1499704855 14400
+# Node ID d0a76868ca37ae482eb3e8cecbb9150c5348ffe8
+# Parent  b24f2a9b0dd70506d429e537ff3e81532b5bfc23
+coders/png.c (ReadMNGImage): Fix out-of-order CloseBlob()
+
+and DestroyImageList() that caused a use-after-free crash.
+
+diff -r b24f2a9b0dd7 -r d0a76868ca37 coders/png.c
+--- a/coders/png.c	Mon Jul 10 11:31:05 2017 -0400
+++ b/coders/png.c	Mon Jul 10 12:40:55 2017 -0400
+@@ -5161,8 +5161,8 @@
+ 
+       if (image == (Image *) NULL)
+         {
+          CloseBlob(previous);
+           DestroyImageList(previous);
+-          CloseBlob(previous);
+           MngInfoFreeStruct(mng_info,&have_mng_structure);
+           return((Image *) NULL);
+         }
+
--- a/GraphicsMagick.spec
+++ b/GraphicsMagick.spec
@ -33,7 +33,7 @@
 Summary: An ImageMagick fork, offering faster image generation and better quality
 Name: GraphicsMagick
 Version: 1.3.26
-Release: 2%{?dist}
+Release: 3%{?dist}

 License: MIT
 Group: Applications/Multimedia
@ -49,6 +49,7 @@ Patch100: GraphicsMagick-1.3.16-multilib.patch
 Patch50: GraphicsMagick-1.3.14-perl_linkage.patch

 ## upstream patches
+Patch1: GraphicsMagick-CVE-2017-11403.patch

 BuildRequires: bzip2-devel
 BuildRequires: freetype-devel
@ -162,6 +163,7 @@ however.
 %prep
 %setup -q

+%patch1 -p1 -b .CVE-2017-11403
 %patch50 -p1 -b .perl_linkage
 %patch100 -p1 -b .multilib

@ -322,6 +324,9 @@ rm -rf %{buildroot}


 %changelog
+* Wed Jul 19 2017 Rex Dieter <rdieter@fedoraproject.org> - 1.3.26-3
+- CVE-2017-11403 (#1472214)
+
 * Fri Jul 07 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.3.26-2
 - Rebuild due to bug in RPM (RHBZ #1468476)