mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-20 08:29:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

ghostscript: patch CVE-2025-59800

Browse Source 
Pick commit mentioned in the NVD report.

(From OE-Core rev: 5109fd6675b6782f10f86f774fe54b6ccecee415)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko
2025-10-08 00:11:42 +02:00
committed by Steve Sakoman
parent 093e91d190
commit 02148028a0
2 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch Normal file
View File

@@ -0,0 +1,36 @@
From 176cf0188a2294bc307b8caec876f39412e58350 Mon Sep 17 00:00:00 2001
From: Ken Sharp <Ken.Sharp@artifex.com>
Date: Tue, 1 Jul 2025 10:31:17 +0100
Subject: [PATCH] PDF OCR 8 bit device - avoid overflow
Bug 708602 "Heap overflow in ocr_line8"
Make sure the calculation of the required raster size does not overflow
an int.
CVE: CVE-2025-59800
Upstream-Status: Backport [https://github.com/ArtifexSoftware/ghostpdl/commit/176cf0188a2294bc307b8caec876f39412e58350]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
devices/gdevpdfocr.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
index f27dc11db..6362f4104 100644
--- a/devices/gdevpdfocr.c
+++ b/devices/gdevpdfocr.c
@@ -521,9 +521,12 @@ ocr_line32(gx_device_pdf_image *dev, void *row)
static int
ocr_begin_page(gx_device_pdf_image *dev, int w, int h, int bpp)
{
- int raster = (w+3)&~3;
+ int64_t raster = (w + 3) & ~3;
- dev->ocr.data = gs_alloc_bytes(dev->memory, raster * h, "ocr_begin_page");
+ raster = raster * (int64_t)h;
+ if (raster < 0 || raster > max_size_t)
+ return gs_note_error(gs_error_VMerror);
+ dev->ocr.data = gs_alloc_bytes(dev->memory, raster, "ocr_begin_page");
if (dev->ocr.data == NULL)
return_error(gs_error_VMerror);
dev->ocr.w = w;

1
meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
View File

@@ -78,6 +78,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://CVE-2025-48708.patch \
file://CVE-2025-59798.patch \
file://CVE-2025-59799.patch \
file://CVE-2025-59800.patch \
"
SRC_URI = "${SRC_URI_BASE} \