diff --git a/CVE-2021-20241-CVE-2021-20243.patch b/CVE-2021-20241-CVE-2021-20243.patch new file mode 100644 index 0000000000000000000000000000000000000000..6d04ee0030c12338c861bed313f0eaedb7e76506 --- /dev/null +++ b/CVE-2021-20241-CVE-2021-20243.patch @@ -0,0 +1,64 @@ +From 53cb91b3e7bf95d0e372cbc745e0055ac6054745 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Wed, 3 Feb 2021 15:30:39 -0500 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/pull/3177 + +--- + coders/dcm.c | 12 ++++++------ + coders/jp2.c | 6 ++++-- + magick/resize.c | 2 +- + 3 files changed, 11 insertions(+), 9 deletions(-) + +diff --git a/coders/dcm.c b/coders/dcm.c +index d274ad54c..29eed9618 100644 +--- a/coders/dcm.c ++++ b/coders/dcm.c +@@ -2982,12 +2982,12 @@ static MagickBooleanType ReadDCMPixels(Image *image,DCMInfo *info, + } + else + { +- SetPixelRed(q,(((size_t) pixel.red) | +- (((size_t) GetPixelRed(q)) << 8))); +- SetPixelGreen(q,(((size_t) pixel.green) | +- (((size_t) GetPixelGreen(q)) << 8))); +- SetPixelBlue(q,(((size_t) pixel.blue) | +- (((size_t) GetPixelBlue(q)) << 8))); ++ SetPixelRed(q,(Quantum) (((ssize_t) pixel.red) | ++ (((ssize_t) GetPixelRed(q)) << 8))); ++ SetPixelGreen(q,(Quantum) (((ssize_t) pixel.green) | ++ (((ssize_t) GetPixelGreen(q)) << 8))); ++ SetPixelBlue(q,(Quantum) (((ssize_t) pixel.blue) | ++ (((ssize_t) GetPixelBlue(q)) << 8))); + } + q++; + } +diff --git a/coders/jp2.c b/coders/jp2.c +index 0354f8298..7dd0f1332 100644 +--- a/coders/jp2.c ++++ b/coders/jp2.c +@@ -1047,8 +1047,10 @@ static MagickBooleanType WriteJP2Image(const ImageInfo *image_info,Image *image) + + scale=(double) (((size_t) 1UL << jp2_image->comps[i].prec)-1)/ + QuantumRange; +- q=jp2_image->comps[i].data+(y/jp2_image->comps[i].dy* +- image->columns/jp2_image->comps[i].dx+x/jp2_image->comps[i].dx); ++ q=jp2_image->comps[i].data+(ssize_t) (y*PerceptibleReciprocal( ++ jp2_image->comps[i].dy)*image->columns*PerceptibleReciprocal( ++ jp2_image->comps[i].dx)+x*PerceptibleReciprocal( ++ jp2_image->comps[i].dx)); + switch (i) + { + case 0: +diff --git a/magick/resize.c b/magick/resize.c +index fe662c144..1f3e16928 100644 +--- a/magick/resize.c ++++ b/magick/resize.c +@@ -1612,7 +1612,7 @@ MagickExport MagickRealType GetResizeFilterWeight( + */ + assert(resize_filter != (ResizeFilter *) NULL); + assert(resize_filter->signature == MagickCoreSignature); +- x_blur=fabs((double) x)/resize_filter->blur; /* X offset with blur scaling */ ++ x_blur=fabs((double) x)*PerceptibleReciprocal(resize_filter->blur); /* X offset with blur scaling */ + if ((resize_filter->window_support < MagickEpsilon) || + (resize_filter->window == Box)) + scale=1.0; /* Point or Box Filter -- avoid division by zero */ diff --git a/ImageMagick.spec b/ImageMagick.spec index 8803a623951cdc8bafb8b53d9af8a7de7b63d9d1..79f681ef98c66113efcc773a652211d0e1dec857 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -1,7 +1,7 @@ Name: ImageMagick Epoch: 1 Version: 6.9.10.67 -Release: 14 +Release: 16 Summary: Create, edit, compose, or convert bitmap images License: ImageMagick and MIT Url: http://www.imagemagick.org/ @@ -41,6 +41,7 @@ Patch0031: CVE-2020-27768.patch Patch0032: CVE-2020-27750.patch Patch0033: CVE-2020-25665.patch Patch0034: CVE-2020-25674.patch +Patch0035: CVE-2021-20241-CVE-2021-20243.patch BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel @@ -197,7 +198,10 @@ rm PerlMagick/demo/Generic.ttf %{_libdir}/pkgconfig/ImageMagick++* %changelog -* Mon Mar 8 2021 zhanghua - 6.9.10.67-14 +* Tue Mar 16 2021 wangxiao - 6.9.10.67-16 +- Fix CVE-2021-20241 CVE-2021-20243 + +* Mon Mar 8 2021 zhanghua - 6.9.10.67-15 - Fix CVE-2020-27750 CVE-2020-25665 CVE-2020-25674 * Wed Mar 03 2021 wangyue - 6.9.10.67-13