mirror of
https://git.yoctoproject.org/poky
synced 2026-03-14 03:09:41 +01:00
8e90df16f5
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-38559 Upstream patch: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f (From OE-Core rev: e77c0b35969ae690b390ffae682fd6552ff8aff8) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
33 lines
1.0 KiB
Diff
33 lines
1.0 KiB
Diff
From 34b0eec257c3a597e0515946f17fb973a33a7b5b Mon Sep 17 00:00:00 2001
|
|
From: Chris Liddell <chris.liddell@artifex.com>
|
|
Date: Mon, 17 Jul 2023 14:06:37 +0100
|
|
Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
|
|
devices/gdevpcx.c
|
|
|
|
Bounds check the buffer, before dereferencing the pointer.
|
|
|
|
Upstream-Status: Backport [https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f]
|
|
|
|
CVE: CVE-2023-38559
|
|
|
|
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
|
|
---
|
|
base/gdevdevn.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/base/gdevdevn.c b/base/gdevdevn.c
|
|
index f679127..66c771b 100644
|
|
--- a/base/gdevdevn.c
|
|
+++ b/base/gdevdevn.c
|
|
@@ -1950,7 +1950,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
|
|
byte data = *from;
|
|
|
|
from += step;
|
|
- if (data != *from || from == end) {
|
|
+ if (from >= end || data != *from) {
|
|
if (data >= 0xc0)
|
|
gp_fputc(0xc1, file);
|
|
} else {
|
|
--
|
|
2.40.0
|