mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-10 09:19:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bf30db97f74edcd55d8b3b128b3a959cd9c04da2
poky/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
Peter Marko 9fb26deedd ghostscript: patch CVE-2025-59800 
Pick commit mentioned in the NVD report.

(From OE-Core rev: a63bb2ccc8294c8a97f5957f1ca9f0a4880713ac)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-10-13 12:42:58 -07:00

37 lines
1.3 KiB
Diff
Raw Blame History

From 176cf0188a2294bc307b8caec876f39412e58350 Mon Sep 17 00:00:00 2001
From: Ken Sharp <Ken.Sharp@artifex.com>
Date: Tue, 1 Jul 2025 10:31:17 +0100
Subject: [PATCH] PDF OCR 8 bit device - avoid overflow
Bug 708602 "Heap overflow in ocr_line8"
Make sure the calculation of the required raster size does not overflow
an int.
CVE: CVE-2025-59800
Upstream-Status: Backport [https://github.com/ArtifexSoftware/ghostpdl/commit/176cf0188a2294bc307b8caec876f39412e58350]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
devices/gdevpdfocr.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
index f27dc11db..6362f4104 100644
--- a/devices/gdevpdfocr.c
+++ b/devices/gdevpdfocr.c
@@ -521,9 +521,12 @@ ocr_line32(gx_device_pdf_image *dev, void *row)
static int
ocr_begin_page(gx_device_pdf_image *dev, int w, int h, int bpp)
{
- int raster = (w+3)&~3;
+ int64_t raster = (w + 3) & ~3;
- dev->ocr.data = gs_alloc_bytes(dev->memory, raster * h, "ocr_begin_page");
+ raster = raster * (int64_t)h;
+ if (raster < 0 || raster > max_size_t)
+ return gs_note_error(gs_error_VMerror);
+ dev->ocr.data = gs_alloc_bytes(dev->memory, raster, "ocr_begin_page");
if (dev->ocr.data == NULL)
return_error(gs_error_VMerror);
dev->ocr.w = w;
Reference in New Issue View Git Blame Copy Permalink