diff options
| author |   Catalin Enache <catalin.enache@windriver.com> | 2017-04-05 15:06:51 +0300 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-10 23:00:42 +0100 |
| commit | 6df3fde8e952799b91f3812b4f7929d7a34cddfe (patch) | |
| tree | 379da18a1bd83a76fcb4fe23ee0158a4bd8dd2d6 /meta/recipes-extended/ghostscript/ghostscript | |
| parent | 77de4e58bfd291ea98c20609c5524c6983d29d89 (diff) | |
| download | openembedded-core-contrib-6df3fde8e952799b91f3812b4f7929d7a34cddfe.tar.gz | |
ghostscript: CVE-2017-7207
The mem_get_bits_rectangle function in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial
of service (NULL pointer dereference) via a crafted PostScript
document.
Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207
Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091
(From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript')
| -rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch new file mode 100644 index 0000000000..a05dc02c6c --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch @@ -0,0 +1,39 @@ +From 0e88bee1304993668fede72498d656a2dd33a35e Mon Sep 17 00:00:00 2001 +From: Ken Sharp <ken.sharp@artifex.com> +Date: Mon, 20 Mar 2017 09:34:11 +0000 +Subject: [PATCH] Ensure a device has raster memory, before trying to read it. + +Bug #697676 "Null pointer dereference in mem_get_bits_rectangle()" + +This is only possible by abusing/mis-using Ghostscript-specific +language extensions, so cannot happen in a general PostScript program. + +Nevertheless, Ghostscript should not crash. So this commit checks the +memory device to see if raster memory has been allocated, before trying +to read from it. + +Upstream-Status: Backport +CVE: CVE-2017-7207 + +Author: Ken Sharp <ken.sharp@artifex.com> +Signed-off-by: Catalin Enache <catalin.enache@windriver.com> +--- + base/gdevmem.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/base/gdevmem.c b/base/gdevmem.c +index 41108ba..183f96d 100644 +--- a/base/gdevmem.c ++++ b/base/gdevmem.c +@@ -605,6 +605,8 @@ mem_get_bits_rectangle(gx_device * dev, const gs_int_rect * prect, + GB_PACKING_CHUNKY | GB_COLORS_NATIVE | GB_ALPHA_NONE; + return_error(gs_error_rangecheck); + } ++ if (mdev->line_ptrs == 0x00) ++ return_error(gs_error_rangecheck); + if ((w <= 0) | (h <= 0)) { + if ((w | h) < 0) + return_error(gs_error_rangecheck); +-- +2.10.2 + |