Hello community,

here is the log from the commit of package chmlib for openSUSE:Factory checked 
in at 2025-07-09 17:28:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/chmlib (Old)
 and      /work/SRC/openSUSE:Factory/.chmlib.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "chmlib"

Wed Jul  9 17:28:57 2025 rev:23 rq:1291444 version:0.40

Changes:
--------
--- /work/SRC/openSUSE:Factory/chmlib/chmlib.changes    2023-10-06 
21:12:44.500166627 +0200
+++ /work/SRC/openSUSE:Factory/.chmlib.new.7373/chmlib.changes  2025-07-09 
17:30:01.943614983 +0200
@@ -1,0 +2,8 @@
+Mon Jul  7 10:05:58 UTC 2025 - pgaj...@suse.com
+
+- security update
+- added patches
+  CVE-2025-48172 [bsc#1245803], integer overflow in _chm_decompress_block of 
chm_lib.c can lead to heap buffer overflow
+  + chmlib-CVE-2025-48172.patch
+
+-------------------------------------------------------------------

New:
----
  chmlib-CVE-2025-48172.patch

----------(New B)----------
  New:  CVE-2025-48172 [bsc#1245803], integer overflow in _chm_decompress_block of chm_lib.c can lead to heap buffer overflow
  + chmlib-CVE-2025-48172.patch
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ chmlib.spec ++++++
--- /var/tmp/diff_new_pack.C1Q9g8/_old  2025-07-09 17:30:02.711647028 +0200
+++ /var/tmp/diff_new_pack.C1Q9g8/_new  2025-07-09 17:30:02.711647028 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package chmlib
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -38,6 +38,8 @@
 Patch5:         chm_http-output-server-address.patch
 # PATCH-FIX-UPSTREAM: https://github.com/jedwing/CHMLib/pull/17
 Patch6:         chmlib-c99.patch
+# CVE-2025-48172 [bsc#1245803], integer overflow in _chm_decompress_block of 
chm_lib.c can lead to heap buffer overflow
+Patch7:         chmlib-CVE-2025-48172.patch
 BuildRequires:  gcc-c++
 
 %description
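
Review bot: the comment added above `Patch7:` carries no patch tag or upstream reference, unlike the `# PATCH-FIX-UPSTREAM: https://github.com/jedwing/CHMLib/pull/17` line above `Patch6:`. Add a tag and the origin of the fix (an upstream commit or pull request, or a statement that it is distribution-specific) so that chmlib-CVE-2025-48172.patch can be traced later. The hunk also does not show how patches are applied; if the spec lists individual %patch lines rather than using %autosetup, confirm that Patch7 is actually applied in %prep.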

++++++ chmlib-CVE-2025-48172.patch ++++++
Index: chmlib-0.40/src/chm_lib.c
===================================================================
--- chmlib-0.40.orig/src/chm_lib.c
+++ chmlib-0.40/src/chm_lib.c
@@ -86,6 +86,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <limits.h>
 /* #include <dmalloc.h> */
 #endif
 
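Review bot: `#include <limits.h>` is added directly above the `#endif`, so it is only pulled in on the branch of the conditional that also includes `<sys/types.h>`, `<sys/stat.h>` and `<fcntl.h>`. The `INT_MAX` comparisons added to `_unmarshal_lzxc_reset_table` in the next hunk are not visibly guarded by the same conditional, so a build that takes the other branch depends on some other header happening to define `INT_MAX`. Since `<limits.h>` is standard C, moving the include outside the conditional block would make the dependency explicit on every platform.
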
@@ -570,6 +571,11 @@ static int _unmarshal_lzxc_reset_table(u
     if (dest->version != 2)
         return 0;
 
+    if (dest->uncompressed_len > INT_MAX || dest->compressed_len > INT_MAX)
+        return 0;
+    if (dest->block_len == 0 || dest->block_len > INT_MAX)
+        return 0;
+
     return 1;
 }
 
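Review bot: the two `if` blocks added after the `dest->version != 2` test reject values with no comment saying why `INT_MAX` is the limit or which later arithmetic they protect. The changelog places the overflow in `_chm_decompress_block`, which this patch does not touch, so a short comment tying these bounds to that function would make the fix reviewable from the code alone. Capping `uncompressed_len`, `compressed_len` and `block_len` separately does not by itself bound sums or products of them, so it is worth confirming that the consumer's arithmetic cannot exceed `INT_MAX` once these checks pass. The `block_len == 0` rejection also deserves a word of explanation, for example if the value is later used as a divisor.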
