From cb0acf64e2e4f19d225af465e701a869ef681236 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Tue, 22 Nov 2022 17:45:18 +0800
Subject: [PATCH] Fix CVE-2022-32547
---
 CVE-2022-32547.patch | 30 ++++++++++++++++++++++++++++++
 ImageMagick.spec | 6 +++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-32547.patch
diff --git a/CVE-2022-32547.patch b/CVE-2022-32547.patch
new file mode 100644
index 0000000..dddc769
--- /dev/null
+++ b/CVE-2022-32547.patch
@@ -0,0 +1,30 @@
+From dc070da861a015d3c97488fdcca6063b44d47a7b Mon Sep 17 00:00:00 2001
+From: Cristy
+Date: Sat, 9 Apr 2022 08:40:54 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/pull/5034
+
+---
+ magick/property.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/magick/property.c b/magick/property.c
+index 2d80493dd2..bfc689466d 100644
+--- a/magick/property.c
++++ b/magick/property.c
+@@ -1526,12 +1526,14 @@ static MagickBooleanType GetEXIFProperty(const Image *image,
+ }
+ case EXIF_FMT_SINGLE:
+ {
+- EXIFMultipleValues(4,"%f",(double) *(float *) p1);
++ EXIFMultipleValues(4,"%.20g",(double)
++ ReadPropertySignedLong(endian,p1));
+ break;
+ }
+ case EXIF_FMT_DOUBLE:
+ {
+- EXIFMultipleValues(8,"%f",*(double *) p1);
++ EXIFMultipleValues(8,"%.20g",(double)
++ ReadPropertySignedLong(endian,p1));
+ break;
+ }
+ case EXIF_FMT_STRING:
diff --git a/ImageMagick.spec b/ImageMagick.spec
index c0eab78..9b88b12 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -1,7 +1,7 @@
 Name: ImageMagick
 Epoch: 1
 Version: 6.9.12.43
-Release: 3
+Release: 4
 Summary: Create, edit, compose, or convert bitmap images
 License: ImageMagick and MIT
 Url: http://www.imagemagick.org/
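Review bot: In the added CVE-2022-32547.patch, the `EXIF_FMT_SINGLE` and `EXIF_FMT_DOUBLE` cases of `GetEXIFProperty` now both format `(double) ReadPropertySignedLong(endian,p1)`. This removes the direct `*(float *) p1` and `*(double *) p1` loads, presumably because `p1` is not guaranteed to be suitably aligned. Judging by the helper's name, though, the bytes are now read as an integer and converted rather than decoded as floating point, and the DOUBLE case still passes an element size of 8 while the helper presumably consumes 4. If that reading is correct, float and double EXIF tags will report different values than before, so downstream consumers of these properties should be checked against a sample file before the update ships. I would record the trade-off next to the `Patch0005` line in the spec, e.g. `# CVE-2022-32547: upstream PR 5034 as-is; removes pointer-cast loads in GetEXIFProperty, SINGLE/DOUBLE tags are read via ReadPropertySignedLong`. The enclosing function starts and ends outside the hunk, so the definition of `EXIFMultipleValues` and the bounds check on `p1` are not visible here.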
@@ -11,6 +11,7 @@ Patch0001: backport-fix-CVE-2022-1115.patch Patch0002: CVE-2022-3213-pre1.patch Patch0003: CVE-2022-3213-pre2.patch Patch0004: CVE-2022-3213.patch +Patch0005: CVE-2022-32547.patch BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators @@ -169,6 +170,9 @@ rm PerlMagick/demo/Generic.ttf %{_libdir}/pkgconfig/ImageMagick++* %changelog +* Tue Nov 22 2022 yaoxin - 1:6.9.12.43-4 +- Fix CVE-2022-32547 + * Thu Oct 13 2022 chenwenjie - 1:6.9.12.43-3 - fix CVE-2022-3213 -- Gitee