commit GraphicsMagick for openSUSE:Factory

Thu, 16 Apr 2026 08:25:57 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package GraphicsMagick for openSUSE:Factory 
checked in at 2026-04-16 17:25:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/GraphicsMagick (Old)
 and      /work/SRC/openSUSE:Factory/.GraphicsMagick.new.11940 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "GraphicsMagick"

Thu Apr 16 17:25:00 2026 rev:101 rq:1346383 version:1.3.46

Changes:
--------
--- /work/SRC/openSUSE:Factory/GraphicsMagick/GraphicsMagick.changes    
2026-03-22 14:11:50.424540035 +0100
+++ /work/SRC/openSUSE:Factory/.GraphicsMagick.new.11940/GraphicsMagick.changes 
2026-04-16 17:25:05.014771830 +0200
@@ -1,0 +2,7 @@
+Mon Apr 13 07:54:32 UTC 2026 - Petr Gajdos <[email protected]>
+
+- added patches
+  CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read. 
[bsc#1258765]
+  * GraphicsMagick-CVE-2026-26284.patch
+
+-------------------------------------------------------------------

New:
----
  GraphicsMagick-CVE-2026-26284.patch

----------(New B)----------
  New:  CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds 
read. [bsc#1258765]
  * GraphicsMagick-CVE-2026-26284.patch
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ GraphicsMagick.spec ++++++
--- /var/tmp/diff_new_pack.wNrpbw/_old  2026-04-16 17:25:05.858806604 +0200
+++ /var/tmp/diff_new_pack.wNrpbw/_new  2026-04-16 17:25:05.858806604 +0200
@@ -39,6 +39,8 @@
 Patch3:         GraphicsMagick-CVE-2026-30883.patch
 # CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack 
buffer overflow (bsc#1259456)
 Patch4:         GraphicsMagick-CVE-2026-28690.patch
+# CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read. 
[bsc#1258765]
+Patch5:         GraphicsMagick-CVE-2026-26284.patch
 BuildRequires:  cups-client
 BuildRequires:  dcraw
 BuildRequires:  gcc-c++

++++++ GraphicsMagick-CVE-2026-26284.patch ++++++
Index: GraphicsMagick-1.3.46/coders/pcd.c
===================================================================
--- GraphicsMagick-1.3.46.orig/coders/pcd.c
+++ GraphicsMagick-1.3.46/coders/pcd.c
@@ -392,7 +392,7 @@ static MagickPassFail DecodeImage(Image
       Decode luminance or chrominance deltas.
     */
     r=pcd_table[plane];
-    for (i=0; ((i < (long) length) && ((sum & r->mask) != r->sequence)); i++)
+    for (i=1; ((i < (long) length) && ((sum & r->mask) != r->sequence)); i++)
       r++;
     if ((row > image->rows) || (r == (PCDTable *) NULL))
       {

Reply via email to