diff --git a/CVE-2019-18853.patch b/CVE-2019-18853.patch new file mode 100644 index 0000000000000000000000000000000000000000..7be1454b6adfefd921d3fc5acfdc9c8070dcda4e --- /dev/null +++ b/CVE-2019-18853.patch @@ -0,0 +1,45 @@ +From 0e28baf9bcb3e2e759f51cd0d74750e5e195b1aa Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Wed, 23 Oct 2019 06:01:08 -0400 +Subject: [PATCH] [FG-VD-19-136] ImageMagick Convert SVG MacOS Denial Of + Service + +--- + coders/svg.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/coders/svg.c b/coders/svg.c +index 1fee4b8..26ac308 100644 +--- a/coders/svg.c ++++ b/coders/svg.c +@@ -66,9 +66,10 @@ + #include "magick/monitor.h" + #include "magick/monitor-private.h" + #include "magick/pixel-accessor.h" +-#include "magick/quantum-private.h" ++#include "magick/option.h" + #include "magick/pixel-private.h" + #include "magick/property.h" ++#include "magick/quantum-private.h" + #include "magick/resource_.h" + #include "magick/static.h" + #include "magick/string_.h" +@@ -3579,9 +3580,14 @@ static Image *ReadSVGImage(const ImageInfo *image_info,ExceptionInfo *exception) + message[n]='\0'; + if (n > 0) + { ++ const char ++ *value; ++ + svg_info->parser=xmlCreatePushParserCtxt(sax_handler,svg_info,(char *) + message,n,image->filename); +- (void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE); ++ value=GetImageOption(image_info,"svg:xml-parse-huge"); ++ if ((value != (char *) NULL) && (IsStringTrue(value) != MagickFalse)) ++ (void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE); + while ((n=ReadBlob(image,MaxTextExtent-1,message)) != 0) + { + message[n]='\0'; +-- +2.30.0 + diff --git a/CVE-2020-27755.patch b/CVE-2020-27755.patch new file mode 100644 index 0000000000000000000000000000000000000000..b62a61a83445c3a9cfbd700b90498b413795c5d0 --- /dev/null +++ b/CVE-2020-27755.patch @@ -0,0 +1,38 @@ +From 5fa0c9d4376d879855fb154e166c90775530edf4 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Wed, 16 Oct 2019 15:02:11 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1756 + +--- + magick/image.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/magick/image.c b/magick/image.c +index 90cec87..d462c9e 100644 +--- a/magick/image.c ++++ b/magick/image.c +@@ -2703,9 +2703,18 @@ MagickExport MagickBooleanType SetImageExtent(Image *image,const size_t columns, + image->filename); + image->columns=columns; + image->rows=rows; +- if ((image->depth == 0) || (image->depth > (8*sizeof(MagickSizeType)))) +- ThrowBinaryImageException(ImageError,"ImageDepthNotSupported", +- image->filename); ++ if (image->depth == 0) ++ { ++ image->depth=8; ++ (void) ThrowMagickException(&image->exception,GetMagickModule(), ++ ImageError,"ImageDepthNotSupported","`%s'",image->filename); ++ } ++ if (image->depth > (8*sizeof(MagickSizeType))) ++ { ++ image->depth=8*sizeof(MagickSizeType); ++ (void) ThrowMagickException(&image->exception,GetMagickModule(), ++ ImageError,"ImageDepthNotSupported","`%s'",image->filename); ++ } + return(SyncImagePixelCache(image,&image->exception)); + } + +-- +2.30.0 + diff --git a/ImageMagick.spec b/ImageMagick.spec index 9e2ccbe5066de257fd9270e8bdd61fd6212b94a8..957a058fad52e419cf8ade8a2dfc08f75ae81d3d 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -1,7 +1,7 @@ Name: ImageMagick Epoch: 1 Version: 6.9.10.67 -Release: 19 +Release: 20 Summary: Create, edit, compose, or convert bitmap images License: ImageMagick and MIT Url: http://www.imagemagick.org/ @@ -52,6 +52,8 @@ Patch0042: CVE-2020-27775.patch Patch0043: CVE-2020-25666-1.patch Patch0044: CVE-2020-25666-2.patch Patch0045: CVE-2020-25675.patch +Patch0046: CVE-2020-27755.patch +Patch0047: CVE-2019-18853.patch BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel @@ -208,6 +210,9 @@ rm PerlMagick/demo/Generic.ttf %{_libdir}/pkgconfig/ImageMagick++* %changelog +* Mon Apr 12 2021 wangyue - 6.9.10.67-20 +- Fix CVE-2019-18853 CVE-2020-27755 + * Tue Apr 6 2021 wangxiao - 6.9.10.67-19 - Fix CVE-2020-25666 CVE-2020-25675