[transfig/f18] fix buffer overflow on loading a malformed .fig file (CVE-2009-4227)

Kamil Dudka kdudka at fedoraproject.org
Thu Aug 9 21:35:57 UTC 2012


commit 0b52da9512b0809b7d2b4983aee469d706f85220
Author: Kamil Dudka <kdudka at redhat.com>
Date:   Thu Aug 9 23:27:51 2012 +0200

    fix buffer overflow on loading a malformed .fig file (CVE-2009-4227)

 transfig-3.2.5d-CVE-2009-4227.patch |   25 +++++++++++++++++++++++++
 transfig.spec                       |    7 ++++++-
 2 files changed, 31 insertions(+), 1 deletions(-)
---
diff --git a/transfig-3.2.5d-CVE-2009-4227.patch b/transfig-3.2.5d-CVE-2009-4227.patch
new file mode 100644
index 0000000..820b660
--- /dev/null
+++ b/transfig-3.2.5d-CVE-2009-4227.patch
@@ -0,0 +1,25 @@
+From 824eff7e2ce2b1a64ec1406a04aeedf10456e9da Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Thu, 9 Aug 2012 16:46:34 +0200
+Subject: [PATCH] read_textobject: limit the input when reading to a fixed-size buffer
+
+---
+ fig2dev/read1_3.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/fig2dev/read1_3.c b/fig2dev/read1_3.c
+index 28951e8..5b9d770 100644
+--- a/fig2dev/read1_3.c
++++ b/fig2dev/read1_3.c
+@@ -451,7 +451,7 @@ FILE	*fp;
+ 	t->pen = 0;
+ 	t->angle = 0.0;
+ 	t->next = NULL;
+-	n = fscanf(fp," %d %lf %d %lf %lf %d %d %[^\n]", &t->font, 
++	n = fscanf(fp," %d %lf %d %lf %lf %d %d %127[^\n]", &t->font, 
+ 		&t->size, &t->flags, &t->height, &t->length, 
+ 		&t->base_x, &t->base_y, buf);
+ 	if (n != 8) {
+-- 
+1.7.1
+
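Review bot: The field width 127 in the `%127[^\n]` conversion of the fscanf call is a bare literal, and the declaration of buf is outside this hunk's context, so the bound cannot be checked from here. A scanset with width 127 stores up to 127 characters plus a terminating null byte, so buf must be at least 128 bytes; a short comment next to the call stating that, or a width derived from the buffer size, would stop the two from drifting apart. Truncation is also silent: when the text is longer than 127 characters fscanf still returns 8, the `if (n != 8)` check passes, and the rest of the line stays in the stream for whatever reads next. Consider draining up to the newline, or rejecting the over-long text object, after this call.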
diff --git a/transfig.spec b/transfig.spec
index d9a939b..e1c0729 100644
--- a/transfig.spec
+++ b/transfig.spec
@@ -1,7 +1,7 @@
 Summary: Utility for converting FIG files (made by xfig) to other formats
 Name: transfig
 Version: 3.2.5d
-Release: 7%{?dist}
+Release: 8%{?dist}
 Epoch: 1
 License: MIT
 URL: http://www.xfig.org/
@@ -13,6 +13,7 @@ Patch1: transfig-3.2.5-modularX.patch
 Patch2: transfig-3.2.5-bitmap.patch
 Patch3: transfig-3.2.5d-bz728825.patch
 Patch4: transfig-3.2.5-libpng.patch
+Patch5: transfig-3.2.5d-CVE-2009-4227.patch
 
 Requires:	ghostscript
 Requires:	bc
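Review bot: The new `Patch5:` line carries no comment on where the patch came from or whether it was sent upstream, and neither do the Patch1 to Patch4 lines visible in this hunk. A one-line comment above `Patch5:` with the tracking bug or upstream status would make it easier to decide when the patch can be dropped on a rebase.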
@@ -42,6 +43,7 @@ figures into certain graphics languages.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1 -b .libpng
+%patch5 -p1
 
 # fix source permissions
 find -type f -exec chmod -x {} \;
@@ -79,6 +81,9 @@ rm -rf %{buildroot}
 %{_datadir}/fig2dev
 
 %changelog
+* Thu Aug 09 2012 Kamil Dudka <kdudka at redhat.com> - 1:3.2.5d-8
+- fix buffer overflow on loading a malformed .fig file (CVE-2009-4227)
+
 * Sun Jul 22 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:3.2.5d-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
 

