package/giflib: add two upstream security fixes
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Mon, 19 Aug 2019 21:21:20 +0000 (23:21 +0200)
committer Peter Korsgaard <peter@korsgaard.com>
Mon, 19 Aug 2019 21:49:26 +0000 (23:49 +0200)
commit cbfee0ad53f574e73ed7daa3c2870cf540723657
tree 8ac8c6441a71588369250078a1843978d6f469bc
parent 4d0f5c28b6ff9a676e374af13386c4637c46ffe1
package/giflib: add two upstream security fixes

- Fix CVE-2018-11490: The DGifDecompressLine function in dgif_lib.c in
  GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p
  0.49.4, has a heap-based buffer overflow because a certain
  "Private->RunningCode - 2" array index is not checked. This will lead
  to a denial of service or possibly unspecified other impact.

- Fix CVE-2019-15133: In GIFLIB before 2019-02-16, a malformed GIF file
  triggers a divide-by-zero exception in the decoder function DGifSlurp
  in dgif_lib.c if the height field of the ImageSize data structure is
  equal to zero.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/giflib/0001-Address-SF-bug-113-Heap-Buffer-Overflow-2-in-functio.patch [new file with mode: 0644]
package/giflib/0002-Address-SF-bug-119-MemorySanitizer-FPE-on-unknown-ad.patch [new file with mode: 0644]
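
The two defect classes named in the commit message (an unchecked "RunningCode - 2" style index, and arithmetic on a zero image height) can be guarded as in the added example below. This is illustrative code, not GIFLIB's and not the content of the two patches; the helper names `checked_image_size` and `checked_code_index` and the table length used in `main` are assumptions.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not GIFLIB code): validate the width and height read
 * from an untrusted GIF image descriptor before any arithmetic uses them.
 * Returns 0 and stores width*height in *out, or -1 if the input is rejected. */
int checked_image_size(int width, int height, size_t *out)
{
    /* Reject zero or negative dimensions first, so the division below can
     * never see a zero divisor (the condition behind CVE-2019-15133). */
    if (width <= 0 || height <= 0)
        return -1;
    /* Reject products that would not fit in an int. */
    if (width > INT_MAX / height)
        return -1;
    *out = (size_t)width * (size_t)height;
    return 0;
}

/* Hypothetical helper: bounds-check an index derived as "running_code - 2"
 * before it is used on a table of table_len entries (the unchecked-index
 * pattern described for CVE-2018-11490).
 * Returns 0 and stores the index in *idx, or -1 if it is out of range. */
int checked_code_index(int running_code, size_t table_len, size_t *idx)
{
    if (running_code < 2)                       /* would go negative */
        return -1;
    if ((size_t)(running_code - 2) >= table_len) /* past the end */
        return -1;
    *idx = (size_t)(running_code - 2);
    return 0;
}

int main(void)
{
    size_t n = 0, i = 0;
    /* Constructed inputs: a descriptor with height 0, and an index one
     * past the end of a 4096-entry table (table size is an assumption). */
    printf("height=0      -> %d\n", checked_image_size(10, 0, &n));
    printf("4x3           -> %d (size %zu)\n", checked_image_size(4, 3, &n), n);
    printf("code=4098     -> %d\n", checked_code_index(4098, 4096, &i));
    printf("code=4097     -> %d (idx %zu)\n", checked_code_index(4097, 4096, &i), i);
    return 0;
}
```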