packages/ghostscript
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2025-27830

Browse Source
This commit is contained in:
Funda Wang 2025-04-01 13:35:38 +08:00
parent b31ad8b489
commit 7355d372ff
2 changed files with 66 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
backport-CVE-2025-27830.patch Normal file
View File

@ -0,0 +1,55 @@
Backport of:
From 8474e1d6b896e35741d3c608ea5c21deeec1078f Mon Sep 17 00:00:00 2001
From: Zdenek Hutyra <zhutyra@centrum.cz>
Date: Mon, 13 Jan 2025 09:15:01 +0000
Subject: Bug 708241: Fix potential Buffer overflow with DollarBlend
During serializing a multiple master font for passing to Freetype.
Use CVE-2025-27830
---
base/write_t1.c | 9 +++++----
psi/zfapi.c | 9 +++++++--
2 files changed, 12 insertions(+), 6 deletions(-)
--- a/base/write_t1.c
+++ b/base/write_t1.c
@@ -454,6 +454,7 @@ write_main_dictionary(gs_fapi_font * a_f
WRF_wbyte(a_fapi_font->memory, a_output, '\n');
if (is_MM_font(a_fapi_font)) {
short x, x2;
+ unsigned short ux;
float x1;
uint i, j, entries;
char Buffer[255];
@@ -548,14 +549,14 @@ write_main_dictionary(gs_fapi_font * a_f
* be because the "get_proc" method below was missing the code to handle PS name
* objects.
*/
- if ((x =
+ if ((ux =
a_fapi_font->get_word(a_fapi_font,
gs_fapi_font_feature_DollarBlend_length,
0)) > 0) {
WRF_wstring(a_fapi_font->memory, a_output, "/$Blend {");
if (a_output->m_count)
- a_output->m_count += x;
+ a_output->m_count += ux;
x = a_fapi_font->get_proc(a_fapi_font,
gs_fapi_font_feature_DollarBlend, 0,
(char *)a_output->m_pos);
--- a/psi/zfapi.c
+++ b/psi/zfapi.c
@@ -618,6 +618,10 @@ FAPI_FF_get_word(gs_fapi_font *ff, gs_fa
default:
break;
}
+
+ if (length > max_ushort) {
+ return 0;
+ }
}
return length;
}

15
ghostscript.spec
View File

@ -9,7 +9,7 @@
Name: ghostscript Name: ghostscript
Version: 9.52 Version: 9.52
Release: 21 Release: 22
Summary: An interpreter for PostScript and PDF files Summary: An interpreter for PostScript and PDF files
License: AGPLv3+ License: AGPLv3+
URL: https://ghostscript.com/ URL: https://ghostscript.com/
@ -64,9 +64,10 @@ Patch45: backport-CVE-2024-46953.patch
Patch46: backport-CVE-2024-46956.patch Patch46: backport-CVE-2024-46956.patch
Patch47: backport-CVE-2024-46955.patch Patch47: backport-CVE-2024-46955.patch
Patch48: backport-CVE-2024-46951.patch Patch48: backport-CVE-2024-46951.patch
Patch49: backport-CVE-2025-27832.patch Patch49: backport-CVE-2025-27830.patch
Patch50: backport-CVE-2025-27835.patch Patch50: backport-CVE-2025-27832.patch
Patch60: backport-CVE-2025-27836.patch Patch51: backport-CVE-2025-27835.patch
Patch52: backport-CVE-2025-27836.patch
BuildRequires: automake gcc BuildRequires: automake gcc
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@ -227,6 +228,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
%{_bindir}/dvipdf %{_bindir}/dvipdf
%changelog %changelog
* Tue Apr 01 2025 Funda Wang <fundawang@yeah.net> - 9.52-22
- Type:CVE
- ID:NA
- SUG:NA
- DECS: Fix CVE-2025-27830
* Thu Mar 27 2025 Funda Wang <fundawang@yeah.net> - 9.52-21 * Thu Mar 27 2025 Funda Wang <fundawang@yeah.net> - 9.52-21
- Type:CVE - Type:CVE
- ID:NA - ID:NA