CVE-2017-6335 (#CVE-2017-6335)

8 years ago · 6e1c408829
parent e17fc1dda9
commit 6e1c408829
2 changed files with 43 additions and 1 deletions
--- a/GraphicsMagick-CVE-2017-6335.patch
+++ b/GraphicsMagick-CVE-2017-6335.patch
@ -0,0 +1,37 @@
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1487905610 21600
+#      Thu Feb 23 21:06:50 2017 -0600
+# Node ID 6156b4c2992d855ece6079653b3b93c3229fc4b8
+# Parent  0392c4305a4369984ec8069055acc470c0a73647
+Fix out of bounds access when reading CMYKA tiff which claims wrong samples/pixel.
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+--- a/coders/tiff.c
+++ b/coders/tiff.c
+@@ -1230,8 +1230,8 @@
+                   case 0:
+                     if (samples_per_pixel == 1)
+                       *quantum_type=GrayQuantum;
+-                      else
+-                        *quantum_type=RedQuantum;
+                    else
+                      *quantum_type=RedQuantum;
+                     break;
+                   case 1:
+                     *quantum_type=GreenQuantum;
+@@ -1411,12 +1411,12 @@
+               }
+             else
+               {
+-                if (image->matte)
+                if (image->matte && samples_per_pixel >= 5)
+                   {
+                     *quantum_type=CMYKAQuantum;
+                     *quantum_samples=5;
+                   }
+-                else
+                else if (samples_per_pixel >= 4)
+                   {
+                     *quantum_type=CMYKQuantum;
+                     *quantum_samples=4;
--- a/GraphicsMagick.spec
+++ b/GraphicsMagick.spec
@ -33,7 +33,7 @@
 Summary: An ImageMagick fork, offering faster image generation and better quality
 Name: GraphicsMagick
 Version: 1.3.25
-Release: 5%{?dist}
+Release: 6%{?dist}

 License: MIT
 Group: Applications/Multimedia
@ -55,6 +55,7 @@ Patch3: GraphicsMagick-CVE-2016-7997.patch
 Patch4: GraphicsMagick-CVE-2016-8682.patch
 Patch5: GraphicsMagick-CVE-2016-8683.patch
 Patch6: GraphicsMagick-CVE-2016-8684.patch
+Patch7: GraphicsMagick-CVE-2017-6335.patch

 BuildRequires: bzip2-devel
 BuildRequires: freetype-devel
@ -174,6 +175,7 @@ however.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1

 %patch50 -p1 -b .perl_linkage
 %patch100 -p1 -b .multilib
@ -335,6 +337,9 @@ rm -rf %{buildroot}


 %changelog
+* Thu Mar 02 2017 Rex Dieter <rdieter@fedoraproject.org> - 1.3.25-6
+- CVE-2017-6335 (#CVE-2017-6335)
+
 * Thu Mar 02 2017 Rex Dieter <rdieter@fedoraproject.org> - 1.3.25-5
 - CVE-2016-7800 (#1381148)
 - CVE-2016-7996, CVE-2016-7997 (#1383223)