mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-23 00:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

ghostscript: fix CVE-2023-38559

Browse Source 
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle()
in ghostscript. This issue may allow a local attacker to cause a denial of service
via outputting a crafted PDF file for a DEVN device with gs.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-38559

Upstream patch:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f

(From OE-Core rev: e77c0b35969ae690b390ffae682fd6552ff8aff8)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Archana Polampalli
2023-08-10 10:23:53 +00:00
committed by Steve Sakoman
parent ab548842ef
commit 8e90df16f5
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch Normal file
View File

@@ -0,0 +1,32 @@
From 34b0eec257c3a597e0515946f17fb973a33a7b5b Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Mon, 17 Jul 2023 14:06:37 +0100
Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
devices/gdevpcx.c
Bounds check the buffer, before dereferencing the pointer.
Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f]
CVE: CVE-2023-38559
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
base/gdevdevn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/base/gdevdevn.c b/base/gdevdevn.c
index f679127..66c771b 100644
--- a/base/gdevdevn.c
+++ b/base/gdevdevn.c
@@ -1950,7 +1950,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
byte data = *from;
from += step;
- if (data != *from || from == end) {
+ if (from >= end || data != *from) {
if (data >= 0xc0)
gp_fputc(0xc1, file);
} else {
--
2.40.0

1
meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
View File

@@ -37,6 +37,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
file://cve-2023-28879.patch \
file://CVE-2023-36664-0001.patch \
file://CVE-2023-36664-0002.patch \
file://CVE-2023-38559.patch \
"
SRC_URI = "${SRC_URI_BASE} \