diff --git a/0001-fix-CVE-2025-48174.patch b/0001-fix-CVE-2025-48174.patch new file mode 100644 index 0000000000000000000000000000000000000000..77c1d2dd57c6c23f50d124d933d7ac03e2611149 --- /dev/null +++ b/0001-fix-CVE-2025-48174.patch @@ -0,0 +1,23 @@ +From e5fdefe7d1776e6c4cf1703c163a8c0535599029 Mon Sep 17 00:00:00 2001 +From: DanisJiang <43723722+DanisJiang@users.noreply.github.com> +Date: Fri, 18 Apr 2025 17:31:53 +0800 +Subject: [PATCH] Add integer overflow checks to makeRoom. + +--- + src/stream.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/stream.c b/src/stream.c +index 770c8ba042..41252f89d9 100644 +--- a/src/stream.c ++++ b/src/stream.c +@@ -235,6 +235,9 @@ avifBool avifROStreamReadAndEnforceVersion(avifROStream * stream, uint8_t enforc + static void makeRoom(avifRWStream * stream, size_t size) + { + size_t neededSize = stream->offset + size; ++ if (neededSize < stream->offset) { ++ return AVIF_RESULT_INVALID_ARGUMENT; ++ } + size_t newSize = stream->raw->size; + while (newSize < neededSize) { + newSize += AVIF_STREAM_BUFFER_INCREMENT; diff --git a/libavif.spec b/libavif.spec index b048d34fa3c72462f6d6d8091f2c240a9e2894f0..85a709ddfb0d2219837a50ad0525911d13fe2302 100644 --- a/libavif.spec +++ b/libavif.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 # Build without aom %bcond_with aom # Build without SVT-AV1 @@ -13,6 +13,7 @@ Summary: Library for encoding and decoding .avif files License: BSD-2-Clause URL: https://github.com/AOMediaCodec/libavif Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz +Patch0: 0001-fix-CVE-2025-48174.patch BuildRequires: cmake BuildRequires: gcc-c++ @@ -120,5 +121,8 @@ The %{name}-doc package contains documentation files for %{name}. %doc CHANGELOG.md README.md %changelog +* Thu Jun 12 2025 yangjinlin01 - 0.11.1-2 +- fix CVE-2025-48174 + * Tue Mar 21 2023 Yuanhong Peng - 0.11.1-1 - Init from upstream