diff --git a/CVE-2020-27752.patch b/CVE-2020-27752.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ff6dbeeffa5b5a49d7f6ce261328b3faa7953d12
--- /dev/null
+++ b/CVE-2020-27752.patch
@@ -0,0 +1,32 @@
+From cea01963ce130bd8400838e9c2d306a1a973e7f4 Mon Sep 17 00:00:00 2001
+From: wang_yue111 <648774160@qq.com>
+Date: Thu, 29 Apr 2021 16:56:33 +0800
+Subject: [PATCH] 2
+
+---
+ coders/png.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/coders/png.c b/coders/png.c
+index ee6fba2..9df1a08 100644
+--- a/coders/png.c
++++ b/coders/png.c
+@@ -11177,11 +11177,13 @@ static MagickBooleanType WriteOnePNGImage(MngInfo *mng_info,
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+ " Allocating %.20g bytes of memory for pixels",(double) rowbytes);
+ }
+- pixel_info=AcquireVirtualMemory(rowbytes+256,sizeof(*ping_pixels));
++ pixel_info=AcquireVirtualMemory(rowbytes,GetPixelChannels(image)*
++ sizeof(*ping_pixels));
+ if (pixel_info == (MemoryInfo *) NULL)
+ png_error(ping,"Allocation of memory for pixels failed");
+ ping_pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info);
+- (void) memset(ping_pixels,0,(rowbytes+256)*sizeof(*ping_pixels));
++ (void) memset(ping_pixels,0,rowbytes*GetPixelChannels(image)*
++ sizeof(*ping_pixels));
+ /*
+ Initialize image scanlines.
+ */
+--
+2.23.0
+
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 6b72cf68c882a7ee9b63532586a0b53c7d8caee1..286148c8e1ae0a5bb6bf89d3245c5a33a8e2b287 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -1,7 +1,7 @@
 Name: ImageMagick
 Epoch: 1
 Version: 6.9.10.67
-Release: 21
+Release: 22
 Summary: Create, edit, compose, or convert bitmap images
 License: ImageMagick and MIT
 Url: http://www.imagemagick.org/
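Review bot: In the coders/png.c hunk carried by CVE-2020-27752.patch, the new `AcquireVirtualMemory(rowbytes,GetPixelChannels(image)*sizeof(*ping_pixels))` call drops the 256 bytes of slack that the removed line allocated, so if `GetPixelChannels(image)` evaluates to 1 the row buffer is 256 bytes smaller than before; the definition of `GetPixelChannels` for 6.9.10.67 is not visible here and should be confirmed before this is relied on as the overflow fix. If it can be 1, keeping the padding in both statements, e.g. `AcquireVirtualMemory(rowbytes+256,GetPixelChannels(image)*sizeof(*ping_pixels))` with the same length passed to `memset`, would avoid shrinking the buffer. The embedded patch also has the subject `[PATCH] 2` and names no upstream commit, so a subject such as `[PATCH] Fix CVE-2020-27752: size PNG row buffer by channel count` together with a reference line like `Upstream: <upstream-commit-id>` would make the backport auditable. The body of WriteOnePNGImage begins and continues outside the hunk.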
@@ -54,6 +54,7 @@ Patch0044: CVE-2020-25666-2.patch Patch0045: CVE-2020-25675.patch Patch0046: CVE-2020-27755.patch Patch0047: CVE-2019-18853.patch +Patch0048: CVE-2020-27752.patch BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel @@ -210,6 +211,9 @@ rm PerlMagick/demo/Generic.ttf %{_libdir}/pkgconfig/ImageMagick++* %changelog +* Thu Apr 29 2021 wangyue - 6.9.10.67-22 +- Fix CVE-2020-27752 + * Mon Apr 12 2021 wangyue - 6.9.10.67-21 - Fix CVE-2019-18853 CVE-2020-27755