diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/imagemagick.scm | 4 | ||||
-rw-r--r-- | gnu/packages/patches/imagemagick-CVE-2020-27829.patch | 27 |
3 files changed, 31 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index f8c4e73402..435aade2b8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1220,6 +1220,7 @@ dist_patch_DATA = \ %D%/packages/patches/id3lib-UTF16-writing-bug.patch \ %D%/packages/patches/idris-disable-test.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ + %D%/packages/patches/imagemagick-CVE-2020-27829.patch \ %D%/packages/patches/inetutils-hurd.patch \ %D%/packages/patches/inkscape-poppler-0.76.patch \ %D%/packages/patches/intel-xed-fix-nondeterminism.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index bbf038534f..c48ba534c2 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -155,7 +155,9 @@ text, lines, polygons, ellipses and Bézier curves.") version ".tar.xz")) (sha256 (base32 - "1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b")))))) + "1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b")) + (patches + (search-patches "imagemagick-CVE-2020-27829.patch")))))) (define-public perl-image-magick (package diff --git a/gnu/packages/patches/imagemagick-CVE-2020-27829.patch b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch new file mode 100644 index 0000000000..b15c1d0879 --- /dev/null +++ b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch @@ -0,0 +1,27 @@ +We omit the ChangeLog changes below, since they do not apply cleanly. + + +From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Mon, 30 Nov 2020 16:26:59 +0000 +Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by + Hardik Shah) + +--- + ChangeLog | 6 ++++++ + coders/tiff.c | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index e98f927ab..1eecf17ae 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + extent+=image->columns*sizeof(uint32); + #endif + strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, +- sizeof(*strip_pixels)); ++ 2*sizeof(*strip_pixels)); + if (strip_pixels == (unsigned char *) NULL) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); + (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); |