Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package GraphicsMagick for openSUSE:Factory 
checked in at 2026-04-21 12:42:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/GraphicsMagick (Old)
 and      /work/SRC/openSUSE:Factory/.GraphicsMagick.new.11940 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "GraphicsMagick"

Tue Apr 21 12:42:17 2026 rev:102 rq:1348129 version:1.3.46

Changes:
--------
--- /work/SRC/openSUSE:Factory/GraphicsMagick/GraphicsMagick.changes    
2026-04-16 17:25:05.014771830 +0200
+++ /work/SRC/openSUSE:Factory/.GraphicsMagick.new.11940/GraphicsMagick.changes 
2026-04-21 12:42:37.404949972 +0200
@@ -1,0 +2,7 @@
+Mon Apr 20 07:44:32 UTC 2026 - Petr Gajdos <[email protected]>
+
+- added patches
+  CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display 
interaction [bsc#1260874]
+  * GraphicsMagick-CVE-2026-33535.patch
+
+-------------------------------------------------------------------
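Review bot: the changelog entry gives the CVE, the bug reference and the patch file name but not where the patch comes from; recording the upstream reference (the commit or release that carries the fix) alongside `GraphicsMagick-CVE-2026-33535.patch` lets a reviewer verify the backport against upstream and tells the next packager when the patch can be dropped after 1.3.46 is superseded.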

New:
----
  GraphicsMagick-CVE-2026-33535.patch

----------(New B)----------
  New:  CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction [bsc#1260874]
  * GraphicsMagick-CVE-2026-33535.patch
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ GraphicsMagick.spec ++++++
--- /var/tmp/diff_new_pack.y7Odtm/_old  2026-04-21 12:42:38.024975734 +0200
+++ /var/tmp/diff_new_pack.y7Odtm/_new  2026-04-21 12:42:38.024975734 +0200
@@ -41,6 +41,8 @@
 Patch4:         GraphicsMagick-CVE-2026-28690.patch
 # CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read. 
[bsc#1258765]
 Patch5:         GraphicsMagick-CVE-2026-26284.patch
+# CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display 
interaction [bsc#1260874]
+Patch6:         GraphicsMagick-CVE-2026-33535.patch
 BuildRequires:  cups-client
 BuildRequires:  dcraw
 BuildRequires:  gcc-c++
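Review bot: `Patch6:         GraphicsMagick-CVE-2026-33535.patch` is only declared in this hunk; the `%prep` section is not part of the diff, so it is not visible here whether the patch is actually applied. If the spec applies patches with explicit `%patch` lines rather than `%autosetup`, a matching `%patch6 -p1` is needed, and the build log should be checked for the patch being applied, otherwise the package ships with the CVE comment but without the fix.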

++++++ GraphicsMagick-CVE-2026-33535.patch ++++++
Index: GraphicsMagick-1.3.46/magick/display.c
===================================================================
--- GraphicsMagick-1.3.46.orig/magick/display.c
+++ GraphicsMagick-1.3.46/magick/display.c
@@ -6415,15 +6415,34 @@ static CommandType MagickXImageWindowCom
 
   if ((key_symbol >= XK_0) && (key_symbol <= XK_9))
     {
+      /*
+        Collect up to 10 digits from the user and store the integer
+        result (if any) in resource_info->quantum.
+      */
+      size_t
+        length;
+
       if (!((last_symbol >= XK_0) && (last_symbol <= XK_9)))
         {
-          *delta='\0';
+          delta[0]='\0';
           resource_info->quantum=1;
         }
       last_symbol=key_symbol;
-      delta[strlen(delta)+1]='\0';
-      delta[strlen(delta)]=Digits[key_symbol-XK_0];
-      resource_info->quantum=MagickAtoI(delta);
+      length=strlen(delta);
+      /* INT_MAX is 2147483647, which is 10 digits */
+      if (length < 10 /* MaxTextExtent-1 */)
+        {
+          delta[length]=Digits[key_symbol-XK_0];
+          delta[length+1]='\0';
+        }
+      if (MagickAtoIChk(delta,&resource_info->quantum) == MagickFail)
+        {
+          /*
+            Reset to initial state on error.
+          */
+          delta[0]='\0';
+          resource_info->quantum=1;
+        }
       return(NullCommand);
     }
   last_symbol=key_symbol;
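Review bot: the bound in `if (length < 10 /* MaxTextExtent-1 */)` is the actual fix (the removed `delta[strlen(delta)+1]='\0';` wrote the terminator one past the current end with no limit, so a long run of digit keys carried the zero byte past the end of `delta`), but it is a literal whose relation to the buffer size is only asserted in a comment, and `delta`'s declaration is outside the hunk, so that relation cannot be checked from the diff. Prefer a bound derived from the buffer itself (`sizeof(delta)-1` if `delta` is an array, or the `MaxTextExtent` expression the comment alludes to) so the protection does not drift if the buffer is ever resized; the 10 also matching the digit count of INT_MAX is a coincidence, and overflow of the parsed value is already covered separately by the `MagickAtoIChk` failure branch resetting `delta` and `resource_info->quantum`. Two smaller points: once `length` reaches the limit further digits are silently dropped while `MagickAtoIChk` still runs on the unchanged string, which is safe but gives the user no indication the key was ignored; and the new write order (digit at `length`, then terminator at `length+1`) is the correct one, since the old order placed the terminator before the digit and past the existing string.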
