From: Archana Polampalli <[email protected]> Signed-off-by: Archana Polampalli <[email protected]> Signed-off-by: Steve Sakoman <[email protected]> --- .../ghostscript/CVE-2024-29506.patch | 45 +++++++++++++++++++ .../ghostscript/ghostscript_9.55.0.bb | 1 + 2 files changed, 46 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29506.patch
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29506.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29506.patch new file mode 100644 index 0000000000..9f3f3e5da2 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2024-29506.patch @@ -0,0 +1,45 @@ +From 77dc7f699beba606937b7ea23b50cf5974fa64b1 Mon Sep 17 00:00:00 2001 +From: Ken Sharp <[email protected]> +Date: Thu, 25 Jan 2024 11:55:49 +0000 +Subject: [PATCH] Bug 707510 - don't allow PDF files with bad Filters to + overflow the debug buffer + +Item #2 of the report. + +Allocate a buffer to hold the filter name, instead of assuming it will +fit in a fixed buffer. + +Reviewed all the other PDFDEBUG cases, no others use a fixed buffer like +this. + +CVE: CVE-2024-29506 + +Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=77dc7f699beba606937b7ea23b50cf5974fa64b1] + +Signed-off-by: Archana Polampalli <[email protected]> +--- + pdf/pdf_file.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/pdf/pdf_file.c b/pdf/pdf_file.c +index 214d448..93c2402 100644 +--- a/pdf/pdf_file.c ++++ b/pdf/pdf_file.c +@@ -767,10 +767,14 @@ static int pdfi_apply_filter(pdf_context *ctx, pdf_dict *dict, pdf_name *n, pdf_ + + if (ctx->args.pdfdebug) + { +- char str[100]; ++ char *str; ++ str = gs_alloc_bytes(ctx->memory, n->length + 1, "temp string for debug"); ++ if (str == NULL) ++ return_error(gs_error_VMerror); + memcpy(str, (const char *)n->data, n->length); + str[n->length] = '\0'; + dmprintf1(ctx->memory, "FILTER NAME:%s\n", str); ++ gs_free_object(ctx->memory, str, "temp string for debug"); + } + + if (pdfi_name_is(n, "RunLengthDecode")) { +-- +2.40.0 diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index f738b0133f..525086e2af 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -53,6 +53,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://CVE-2024-29511-0001.patch \ file://CVE-2024-29511-0002.patch \ file://CVE-2024-29509.patch \ + file://CVE-2024-29506.patch \ " SRC_URI = "${SRC_URI_BASE} \ -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203270): https://lists.openembedded.org/g/openembedded-core/message/203270 Mute This Topic: https://lists.openembedded.org/mt/107874798/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
