From 81e4fbcb846ed1cabdad699c0029b166dd7273b7 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 3 Jan 2018 19:17:21 +0000 Subject: gentoo resync : 03.01.2018 --- .../gimp/files/gimp-2.8.22-cve-2017-17789.patch | 38 ++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch (limited to 'media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch') diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch new file mode 100644 index 000000000000..3d63694f6790 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17789.patch @@ -0,0 +1,38 @@ +From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001 +From: Jehan +Date: Wed, 20 Dec 2017 16:44:20 +0100 +Subject: Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow... + +... in PSP importer. +Check if declared block length is valid (i.e. within the actual file) +before going further. +Consider the file as broken otherwise and fail loading it. + +(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8) +--- + plug-ins/common/file-psp.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c +index ac0fff7..4cbafe3 100644 +--- a/plug-ins/common/file-psp.c ++++ b/plug-ins/common/file-psp.c +@@ -1771,6 +1771,15 @@ load_image (const gchar *filename, + { + block_start = ftell (f); + ++ if (block_start + block_total_len > st.st_size) ++ { ++ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, ++ _("Could not open '%s' for reading: %s"), ++ gimp_filename_to_utf8 (filename), ++ _("invalid block size")); ++ goto error; ++ } ++ + if (id == PSP_IMAGE_BLOCK) + { + if (block_number != 0) +-- +cgit v0.12 + -- cgit v1.2.3