NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/giflib/0002-Fix-CVE-2022-28506.patch: New security patch

Browse Source 
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: add GIFLIB_IGNORE_CVES]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
Adam Duskett 2023-12-05 16:59:17 -07:00 committed by Yann E. MORIN
parent e779df7dc9
commit 4a93a83196
2 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
package/giflib/0002-Fix-CVE-2022-28506.patch Normal file
View File

@ -0,0 +1,34 @@
From c0cca041fc4fb6748d8dff3675fe7a839253d668 Mon Sep 17 00:00:00 2001
From: Sandro Mani <manisandro@gmail.com>
Date: Tue, 5 Dec 2023 16:24:32 -0700
Subject: [PATCH] Fix CVE-2022-28506
From: giflib-5.2.1-17.fc39.src.rpm
Fixes https://nvd.nist.gov/vuln/detail/CVE-2022-28506
Upstream: https://sourceforge.net/p/giflib/bugs/159/
Signed-off-by: Sandro Mani <manisandro@gmail.com>
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
---
gif2rgb.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/gif2rgb.c b/gif2rgb.c
index 8d7c0ff..d9a469f 100644
--- a/gif2rgb.c
+++ b/gif2rgb.c
@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
GifRow = ScreenBuffer[i];
GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
+ /* Check if color is within color palete */
+ if (GifRow[j] >= ColorMap->ColorCount)
+ {
+ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
+ }
ColorMapEntry = &ColorMap->Colors[GifRow[j]];
*BufferP++ = ColorMapEntry->Red;
*BufferP++ = ColorMapEntry->Green;
--
2.43.0

3
package/giflib/giflib.mk
View File

@ -11,6 +11,9 @@ GIFLIB_LICENSE = MIT
GIFLIB_LICENSE_FILES = COPYING
GIFLIB_CPE_ID_VENDOR = giflib_project
# 0002-Fix-CVE-2022-28506.patch
GIFLIB_IGNORE_CVES = CVE-2022-28506
ifeq ($(BR2_STATIC_LIBS),y)
GIFLIB_BUILD_LIBS = static-lib
GIFLIB_INSTALL_LIBS = install-static-lib