mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

ghostscript: patch CVE-2025-59800

Browse Source 
Pick commit mentioned in the NVD report.

(From OE-Core rev: a63bb2ccc8294c8a97f5957f1ca9f0a4880713ac)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko
2025-10-08 00:11:12 +02:00
committed by Steve Sakoman
parent 0db5ae637d
commit 9fb26deedd
2 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch Normal file
View File

@@ -0,0 +1,36 @@
From 176cf0188a2294bc307b8caec876f39412e58350 Mon Sep 17 00:00:00 2001
From: Ken Sharp <Ken.Sharp@artifex.com>
Date: Tue, 1 Jul 2025 10:31:17 +0100
Subject: [PATCH] PDF OCR 8 bit device - avoid overflow
Bug 708602 "Heap overflow in ocr_line8"
Make sure the calculation of the required raster size does not overflow
an int.
CVE: CVE-2025-59800
Upstream-Status: Backport [https://github.com/ArtifexSoftware/ghostpdl/commit/176cf0188a2294bc307b8caec876f39412e58350]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
devices/gdevpdfocr.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
index f27dc11db..6362f4104 100644
--- a/devices/gdevpdfocr.c
+++ b/devices/gdevpdfocr.c
@@ -521,9 +521,12 @@ ocr_line32(gx_device_pdf_image *dev, void *row)
static int
ocr_begin_page(gx_device_pdf_image *dev, int w, int h, int bpp)
{
- int raster = (w+3)&~3;
+ int64_t raster = (w + 3) & ~3;
- dev->ocr.data = gs_alloc_bytes(dev->memory, raster * h, "ocr_begin_page");
+ raster = raster * (int64_t)h;
+ if (raster < 0 || raster > max_size_t)
+ return gs_note_error(gs_error_VMerror);
+ dev->ocr.data = gs_alloc_bytes(dev->memory, raster, "ocr_begin_page");
if (dev->ocr.data == NULL)
return_error(gs_error_VMerror);
dev->ocr.w = w;

1
meta/recipes-extended/ghostscript/ghostscript_10.05.1.bb
View File

@@ -27,6 +27,7 @@ SRC_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/downlo
file://avoid-host-contamination.patch \
file://CVE-2025-59798.patch \
file://CVE-2025-59799.patch \
file://CVE-2025-59800.patch \
"
SRC_URI[sha256sum] = "121861b6d29b2461dec6575c9f3cab665b810bd408d4ec02c86719fa708b0a49"