rpm/htmldoc
SHA256
1
0
Fork 0
forked from pool/htmldoc
Code Pull Requests Activity

Accepting request 929571 from home:pgajdos

Browse Source 
- security update
- added patches
  fix CVE-2021-40985 [bsc#1192357], buffer overflow may lead to DoS via a crafted BMP image
  + htmldoc-CVE-2021-40985.patch

OBS-URL: https://build.opensuse.org/request/show/929571
OBS-URL: https://build.opensuse.org/package/show/Publishing/htmldoc?expand=0&rev=29
This commit is contained in:
Dr. Werner Fink 2021-11-05 09:31:11 +00:00 committed by Git OBS Bridge
parent a2adaafc36
commit 5ba7530688
3 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
htmldoc-CVE-2021-40985.patch Normal file
View File

@ -0,0 +1,33 @@
diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
index 337c0cc5..d44d1ba3 100644
--- a/htmldoc/image.cxx
+++ b/htmldoc/image.cxx
@@ -915,6 +915,9 @@ image_load_bmp(image_t *img, /* I - Image to load into */
colors_used = (int)read_dword(fp);
read_dword(fp);
+ if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192)
+ return (-1);
+
if (info_size > 40)
for (info_size -= 40; info_size > 0; info_size --)
getc(fp);
@@ -926,7 +929,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */
fread(colormap, (size_t)colors_used, 4, fp);
// Setup image and buffers...
- img->depth = gray ? 1 : 3;
+ img->depth = gray ? 1 : 3;
// If this image is indexed and we are writing an encrypted PDF file, bump the use count so
// we create an image object (Acrobat 6 bug workaround)
@@ -1076,7 +1079,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */
if (bit == 0xf0)
{
if (color < 0)
- temp = getc(fp);
+ temp = getc(fp) & 255;
else
temp = color;

8
htmldoc.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Nov 5 08:29:27 UTC 2021 - pgajdos@suse.com
- security update
- added patches
fix CVE-2021-40985 [bsc#1192357], buffer overflow may lead to DoS via a crafted BMP image
+ htmldoc-CVE-2021-40985.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jun 1 01:37:51 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de> Tue Jun 1 01:37:51 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>

3
htmldoc.spec
View File

@ -24,6 +24,8 @@ License: LGPL-2.1-or-later
Group: Productivity/Publishing/HTML/Tools Group: Productivity/Publishing/HTML/Tools
URL: https://michaelrsweet.github.io/htmldoc/index.html URL: https://michaelrsweet.github.io/htmldoc/index.html
Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz Source: https://github.com/michaelrsweet/htmldoc/releases/download/v%{version}/htmldoc-%{version}-source.tar.gz
# CVE-2021-40985 [bsc#1192357], buffer overflow may lead to DoS via a crafted BMP image
Patch0: htmldoc-CVE-2021-40985.patch
BuildRequires: fltk-devel BuildRequires: fltk-devel
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: hicolor-icon-theme BuildRequires: hicolor-icon-theme
@ -41,6 +43,7 @@ Portable Document Format (PDF) files that can be viewed online or printed.
%prep %prep
%setup -q %setup -q
%patch0 -p1
%build %build
%configure \ %configure \