Petr Gajdos
cd84a81a7d
- added patches fix CVE-2021-32490 [bsc#1185895], Out of bounds write in function DJVU:filter_bv() via crafted djvu file + djvulibre-CVE-2021-32490.patch fix CVE-2021-32491 [bsc#1185900], Integer overflow in function render() in tools/ddjvu via crafted djvu file + djvulibre-CVE-2021-32491.patch fix CVE-2021-32492 [bsc#1185904], Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file + djvulibre-CVE-2021-32492.patch fix CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file + djvulibre-CVE-2021-32493.patch OBS-URL: https://build.opensuse.org/package/show/graphics/djvulibre?expand=0&rev=38
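Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp 2020-11-20 17:57:32.000000000 +0100
+++ djvulibre-3.5.28/libdjvu/IW44Image.cpp 2021-05-11 15:14:54.034421423 +0200
@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8,
 size_t sz = bw * bh;
 if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
 G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
+ if (sz == 0)
+ G_THROW("IW44Image: zero size image (corrupted file?)");
 GPBuffer<short> gdata16(data16,sz);
+ if (data16 == NULL)
+ G_THROW("IW44Image: unable to allocate image data");
 // Copy coefficients
 int i;
 short *p = data16;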
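Review bot: The new `if (sz == 0)` check sits after the overflow test, so when `bw` is 0 the expression `sz / (size_t)bw` divides by zero before the zero-size throw is reached. Moving `if (sz == 0) G_THROW("IW44Image: zero size image (corrupted file?)");` directly under `size_t sz = bw * bh;` closes that path for a corrupted file that yields a zero width. Separately, the casts suggest `bw` and `bh` are narrower than `size_t` (their declarations are outside the hunk); if so, the product is computed in that narrower type and can overflow before the test sees it. Writing `size_t sz = (size_t)bw * (size_t)bh;` would make the division check operate on the real product. The body of `IW44Image::Map::image` starts before and continues past this hunk, so how `data16` is later indexed could not be checked here.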