Étienne Mollier pushed to branch debian/bookworm at Debian Med / xmedcon
Commits: e5bd4ce8 by Étienne Mollier at 2025-03-22T19:58:27+01:00 CVE-2025-2581.patch: new: fix CVE-2025-2581. Closes: #1100986 - - - - - 2d01dcfe by Étienne Mollier at 2025-03-22T20:22:10+01:00 d/changelog: ready for upload to bookworm. - - - - - 3 changed files: - debian/changelog - + debian/patches/CVE-2025-2581.patch - debian/patches/series Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,10 @@ +xmedcon (0.23.0-gtk3+dfsg-1+deb12u2) bookworm; urgency=medium + + * Team upload. + * CVE-2025-2581.patch: new: fix CVE-2025-2581. (Closes: #1100986) + + -- Étienne Mollier <[email protected]> Sat, 22 Mar 2025 19:58:34 +0100 + xmedcon (0.23.0-gtk3+dfsg-1+deb12u1) bookworm; urgency=medium * Team upload. ===================================== debian/patches/CVE-2025-2581.patch ===================================== 
@@ -0,0 +1,40 @@ +Description: Check for overflow between size_t and int64_t. +Author: Erik Nolf +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100986 +Applied-Upstream: e7a88836fc2277f8ab777f3ef24f917d08415559 +Reviewed-by: Étienne Mollier <[email protected]> +Last-Update: 2025-03-22 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- xmedcon.orig/libs/dicom/single.c ++++ xmedcon/libs/dicom/single.c +@@ -22,8 +22,9 @@ + SINGLE *dicom_single(void) + { + ELEMENT *e; +- S32 length; ++ S32 length, bytes; + U32 i, f; ++ size_t size; + char *interpretation[]= + { + "MONOCHROME2", +@@ -265,7 +266,17 @@ + /* eNlf: - allocate an extra 4 bytes, otherwise the bit.c */ + /* eNlf: routines like source.u++ go beyond the boundaries */ + /* eNlf: - memset the allocated buffer for sure */ +- data = (U8*)malloc(width*height*pixel*frames+4); ++ bytes = (int64_t)width*height*pixel*frames+4; ++ ++ /* check for overflow */ ++ size = (size_t)bytes; ++ if ((int64_t)size != bytes) { ++ dicom_log(ERROR,"System size_t too small"); ++ return 0L; ++ } ++ ++ /* allocate memory */ ++ data = (U8*)malloc(bytes); + if (!data) + { + dicom_log(ERROR,"Out of memory"); ===================================== debian/patches/series ===================================== @@ -3,3 +3,4 @@ use_debian_packaged_niftilib.patch cross.patch typos.patch CVE-2024-29421.patch +CVE-2025-2581.patch View it on GitLab: https://salsa.debian.org/med-team/xmedcon/-/compare/fdbf9bc9c0e26158ba0f5d9415b213ec1e22ebbb...2d01dcfeb6e0867e4b22db5b19fd4e4c9660b509 -- View it on GitLab: https://salsa.debian.org/med-team/xmedcon/-/compare/fdbf9bc9c0e26158ba0f5d9415b213ec1e22ebbb...2d01dcfeb6e0867e4b22db5b19fd4e4c9660b509 You're receiving this email because of your account on salsa.debian.org.
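Review bot: in the debian/patches/CVE-2025-2581.patch hunk, the declaration `S32 length, bytes;` in the first single.c hunk undercuts the overflow check added in the second: `bytes = (int64_t)width*height*pixel*frames+4;` stores a 64-bit product into a 32-bit signed variable, so the value is truncated before `size = (size_t)bytes;` and `if ((int64_t)size != bytes)` ever see it. A product that wraps to a positive 32-bit value passes the check and `malloc(bytes)` returns a buffer smaller than the pixel data the rest of dicom_single() expects, which is the undersized allocation the patch is meant to prevent; a product that wraps negative is caught only as a side effect of the size_t conversion. Suggest declaring `int64_t bytes;` (or `size_t bytes;` with an explicit upper bound), and, since four 32-bit factors can also exceed int64_t, checking each multiplication against the previous partial product (or bounding width, height, pixel and frames individually) before calling malloc. Worth a comment in the patch as well that the check is meaningful only if the factors are non-negative, since their types are not visible in the hunk.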
_______________________________________________ debian-med-commit mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-med-commit
