diff --git a/CVE-2019-7317.patch b/CVE-2019-7317.patch new file mode 100644 index 0000000000000000000000000000000000000000..473521c6490bd2bcbc2235bb0a45d03b84fc8599 --- /dev/null +++ b/CVE-2019-7317.patch @@ -0,0 +1,31 @@ +From 9c0d5c77bf5bf2d7c1e11f388de40a70e0191550 Mon Sep 17 00:00:00 2001 +From: Cosmin Truta +Date: Sun, 3 Feb 2019 22:40:56 -0500 +Subject: [PATCH] Call png_image_free_function without guarding it with + png_safe_execute + +png_image_free_function (or any other destructor) should never fail. +Destructors need not and must not be executed under png_safe_execute. + +Reference: CVE-2019-7317, use-after-free in png_image_free +--- + png.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/png.c b/png.c +index 9d9926f63..efd1aecfb 100644 +--- a/png.c ++++ b/png.c +@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image) + if (image != NULL && image->opaque != NULL && + image->opaque->error_buf == NULL) + { +- /* Ignore errors here: */ +- (void)png_safe_execute(image, png_image_free_function, image); ++ png_image_free_function(image); + image->opaque = NULL; + } + } +-- +2.20.1 + diff --git a/libpng.spec b/libpng.spec index b6c06027e987c2d78b6aa35c3db118d23670dc39..a366c85fffa4d5f8c152b855b36f2f69a92daaf3 100644 --- a/libpng.spec +++ b/libpng.spec @@ -1,7 +1,7 @@ Name: libpng Epoch: 2 Version: 1.6.37 -Release: 1 +Release: 2 Summary: A library of functions for manipulating PNG image format files License: zlib URL: http://www.libpng.org/pub/png/libpng.html @@ -11,6 +11,7 @@ Source1: pngusr.dfa Patch0: libpng-multilib.patch Patch1: libpng-fix-arm-neon.patch Patch2: CVE-2019-6129.patch +Patch3: CVE-2019-7317.patch BuildRequires: zlib-devel autoconf automake libtool Provides: libpng-tools @@ -76,6 +77,12 @@ make check %{_mandir}/man*/* %changelog +* Thu Aug 28 2025 Yu Peng - 1.6.37-2 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix CVE-2019-7317. + * Mon May 11 2020 openEuler Buildteam - 1.6.37-1 - Type:requirement - ID:NA