Add patch for CVE-2019-20093

podofo.spec

@@ -1,6 +1,6 @@
 Name:           podofo
 Version:        0.9.6
-Release:        8%{?dist}
+Release:        9%{?dist}
 Summary:        Tools and libraries to work with the PDF file format
 
 # The library is licensed under the LGPL.
@@ -47,6 +47,10 @@ Patch18:        podofo_CVE-2019-9199.patch
 # https://sourceforge.net/p/podofo/code/1969
 Patch19:        podofo_CVE-2019-9687.patch
 
+# Downstream patch for CVE-2019-20093
+# https://sourceforge.net/p/podofo/tickets/75/
+Patch20:        podofo_CVE-2019-20093.patch
+
 BuildRequires:  gcc-c++
 %if %{?el7:1}%{!?el7:0}
 BuildRequires:  cmake3
@@ -157,6 +161,9 @@ find doc/html -exec touch -r %{SOURCE0} {} \;
 
 
 %changelog
+* Fri Jan 17 2020 Sandro Mani <manisandro@gmail.com> - 0.9.6-9
+- Add patch for CVE-2019-20093
+
 * Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 

podofo_CVE-2019-20093.patch

@@ -0,0 +1,15 @@
+diff -wrupN podofo-0.9.6/tools/podofoimgextract/ImageExtractor.cpp podofo-0.9.6-new/tools/podofoimgextract/ImageExtractor.cpp
+--- podofo-0.9.6/tools/podofoimgextract/ImageExtractor.cpp	2018-02-25 12:48:38.000000000 +0100
++++ podofo-0.9.6-new/tools/podofoimgextract/ImageExtractor.cpp	2020-01-17 19:43:48.619699851 +0100
+@@ -117,6 +117,11 @@ void ImageExtractor::ExtractImage( PdfOb
+         //long lBitsPerComponent = pObject->GetDictionary().GetKey( PdfName("BitsPerComponent" ) )->GetNumber();
+         // TODO: Handle colorspaces
+ 
++        if ( !pObject->GetDictionary().HasKey( PdfName("Width" ) ) || !pObject->GetDictionary().HasKey( PdfName("Height" ) ) )
++        {
++            PODOFO_RAISE_ERROR( ePdfError_BrokenFile );
++        }
++
+         // Create a ppm image
+         const char* pszPpmHeader = "P6\n# Image extracted by PoDoFo\n%" PDF_FORMAT_INT64 " %" PDF_FORMAT_INT64 "\n%li\n";
+