SECURITY UPDATE
This commit is contained in:
parent
1bc188585f
commit
fcde5a9947
|
@ -1,3 +1,15 @@
|
|||
imagemagick (8:6.9.11.60+dfsg-ok1.2) yangtze; urgency=medium
|
||||
|
||||
* SECURITY UPDATE: heap-based buffer overflow issue
|
||||
- CVE-2021-3610
|
||||
- CVE-2023-3428
|
||||
- CVE-2023-1289
|
||||
- CVE-2023-1906
|
||||
- CVE-2023-3195
|
||||
- CVE-2023-34151
|
||||
|
||||
-- rtlhq <nobelxyz@163.com> Mon, 17 Jul 2023 20:40:36 +0800
|
||||
|
||||
imagemagick (8:6.9.11.60+dfsg-ok1.1) yangtze; urgency=medium
|
||||
|
||||
* SECURITY UPDATE: heap-based buffer overflow issue
|
||||
|
@ -24,4 +36,4 @@ imagemagick (8:6.9.11.60+dfsg-ok1) yangtze; urgency=medium
|
|||
|
||||
* Build for openKylin.
|
||||
|
||||
-- rtlhq <nobelxyz@163.com> Fri, 03 Feb 2023 12:00:43 +0800
|
||||
-- rtlhq <nobelxyz@163.com> Fri, 03 Feb 2023 12:00:43 +0800
|
|
@ -0,0 +1,21 @@
|
|||
From 930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 Mon Sep 17 00:00:00 2001
|
||||
From: Cristy <mikayla-grace@urban-warrior.org>
|
||||
Date: Thu, 27 May 2021 10:30:17 -0400
|
||||
Subject: [PATCH] eliminate heap buffer overflow vulnerability, thanks to
|
||||
ZhangJiaxing (@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group
|
||||
|
||||
---
|
||||
coders/tiff.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/tiff.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/tiff.c
|
||||
@@ -1872,7 +1872,7 @@ static Image *ReadTIFFImage(const ImageI
|
||||
/*
|
||||
Convert stripped TIFF image.
|
||||
*/
|
||||
- extent=2*TIFFStripSize(tiff);
|
||||
+ extent=4*TIFFStripSize(tiff);
|
||||
#if defined(TIFF_VERSION_BIG)
|
||||
extent+=image->columns*sizeof(uint64);
|
||||
#else
|
|
@ -0,0 +1,208 @@
|
|||
From e8c0090c6d2df7b1553053dca2008e96724204bf Mon Sep 17 00:00:00 2001
|
||||
From: Cristy <urban-warrior@imagemagick.org>
|
||||
Date: Mon, 6 Mar 2023 14:46:21 -0500
|
||||
Subject: [PATCH] recursion detection framework
|
||||
|
||||
---
|
||||
magick/constitute.c | 12 +++++++++
|
||||
magick/draw.c | 64 ++++++++++++++++++---------------------------
|
||||
magick/draw.h | 3 +++
|
||||
magick/image.c | 1 +
|
||||
magick/image.h | 3 +++
|
||||
5 files changed, 45 insertions(+), 38 deletions(-)
|
||||
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/constitute.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/constitute.c
|
||||
@@ -77,6 +77,11 @@
|
||||
#include "magick/transform.h"
|
||||
#include "magick/utility.h"
|
||||
|
||||
+/*
|
||||
+ Define declarations.
|
||||
+*/
|
||||
+#define MaxReadRecursionDepth 100
|
||||
+
|
||||
/*
|
||||
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
||||
% %
|
||||
@@ -558,9 +563,16 @@ MagickExport Image *ReadImage(const Imag
|
||||
if ((thread_support & DecoderThreadSupport) == 0)
|
||||
LockSemaphoreInfo(magick_info->semaphore);
|
||||
status=IsCoderAuthorized(read_info->magick,ReadPolicyRights,exception);
|
||||
+ if (((ImageInfo *) image_info)->recursion_depth++ > MaxReadRecursionDepth)
|
||||
+ {
|
||||
+ (void) ThrowMagickException(exception,GetMagickModule(),CoderError,
|
||||
+ "NumberOfImagesIsNotSupported","`%s'",read_info->magick);
|
||||
+ status=MagickFalse;
|
||||
+ }
|
||||
image=(Image *) NULL;
|
||||
if (status != MagickFalse)
|
||||
image=GetImageDecoder(magick_info)(read_info,exception);
|
||||
+ ((ImageInfo *) image_info)->recursion_depth--;
|
||||
if ((thread_support & DecoderThreadSupport) == 0)
|
||||
UnlockSemaphoreInfo(magick_info->semaphore);
|
||||
}
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/draw.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/draw.c
|
||||
@@ -381,6 +381,7 @@ MagickExport DrawInfo *CloneDrawInfo(con
|
||||
clone_info->composite_mask=CloneImage(draw_info->composite_mask,0,0,
|
||||
MagickTrue,&draw_info->composite_mask->exception);
|
||||
clone_info->render=draw_info->render;
|
||||
+ clone_info->image_info=CloneImageInfo(draw_info->image_info);
|
||||
clone_info->debug=IsEventLogging();
|
||||
return(clone_info);
|
||||
}
|
||||
@@ -5820,21 +5821,18 @@ MagickExport void GetDrawInfo(const Imag
|
||||
ExceptionInfo
|
||||
*exception;
|
||||
|
||||
- ImageInfo
|
||||
- *clone_info;
|
||||
-
|
||||
/*
|
||||
Initialize draw attributes.
|
||||
*/
|
||||
(void) LogMagickEvent(TraceEvent,GetMagickModule(),"...");
|
||||
assert(draw_info != (DrawInfo *) NULL);
|
||||
(void) memset(draw_info,0,sizeof(*draw_info));
|
||||
- clone_info=CloneImageInfo(image_info);
|
||||
+ draw_info->image_info=CloneImageInfo(image_info);
|
||||
GetAffineMatrix(&draw_info->affine);
|
||||
exception=AcquireExceptionInfo();
|
||||
(void) QueryColorDatabase("#000F",&draw_info->fill,exception);
|
||||
(void) QueryColorDatabase("#FFF0",&draw_info->stroke,exception);
|
||||
- draw_info->stroke_antialias=clone_info->antialias;
|
||||
+ draw_info->stroke_antialias=draw_info->image_info->antialias;
|
||||
draw_info->stroke_width=1.0;
|
||||
draw_info->fill_rule=EvenOddRule;
|
||||
draw_info->opacity=OpaqueOpacity;
|
||||
@@ -5844,64 +5842,64 @@ MagickExport void GetDrawInfo(const Imag
|
||||
draw_info->linejoin=MiterJoin;
|
||||
draw_info->miterlimit=10;
|
||||
draw_info->decorate=NoDecoration;
|
||||
- if (clone_info->font != (char *) NULL)
|
||||
- draw_info->font=AcquireString(clone_info->font);
|
||||
- if (clone_info->density != (char *) NULL)
|
||||
- draw_info->density=AcquireString(clone_info->density);
|
||||
- draw_info->text_antialias=clone_info->antialias;
|
||||
+ if (draw_info->image_info->font != (char *) NULL)
|
||||
+ draw_info->font=AcquireString(draw_info->image_info->font);
|
||||
+ if (draw_info->image_info->density != (char *) NULL)
|
||||
+ draw_info->density=AcquireString(draw_info->image_info->density);
|
||||
+ draw_info->text_antialias=draw_info->image_info->antialias;
|
||||
draw_info->pointsize=12.0;
|
||||
- if (fabs(clone_info->pointsize) >= MagickEpsilon)
|
||||
- draw_info->pointsize=clone_info->pointsize;
|
||||
+ if (fabs(draw_info->image_info->pointsize) >= MagickEpsilon)
|
||||
+ draw_info->pointsize=draw_info->image_info->pointsize;
|
||||
draw_info->undercolor.opacity=(Quantum) TransparentOpacity;
|
||||
- draw_info->border_color=clone_info->border_color;
|
||||
+ draw_info->border_color=draw_info->image_info->border_color;
|
||||
draw_info->compose=OverCompositeOp;
|
||||
- if (clone_info->server_name != (char *) NULL)
|
||||
- draw_info->server_name=AcquireString(clone_info->server_name);
|
||||
+ if (draw_info->image_info->server_name != (char *) NULL)
|
||||
+ draw_info->server_name=AcquireString(draw_info->image_info->server_name);
|
||||
draw_info->render=MagickTrue;
|
||||
draw_info->clip_path=MagickFalse;
|
||||
draw_info->debug=IsEventLogging();
|
||||
- option=GetImageOption(clone_info,"direction");
|
||||
+ option=GetImageOption(draw_info->image_info,"direction");
|
||||
if (option != (const char *) NULL)
|
||||
draw_info->direction=(DirectionType) ParseCommandOption(
|
||||
MagickDirectionOptions,MagickFalse,option);
|
||||
else
|
||||
draw_info->direction=UndefinedDirection;
|
||||
- option=GetImageOption(clone_info,"encoding");
|
||||
+ option=GetImageOption(draw_info->image_info,"encoding");
|
||||
if (option != (const char *) NULL)
|
||||
(void) CloneString(&draw_info->encoding,option);
|
||||
- option=GetImageOption(clone_info,"family");
|
||||
+ option=GetImageOption(draw_info->image_info,"family");
|
||||
if (option != (const char *) NULL)
|
||||
(void) CloneString(&draw_info->family,option);
|
||||
- option=GetImageOption(clone_info,"fill");
|
||||
+ option=GetImageOption(draw_info->image_info,"fill");
|
||||
if (option != (const char *) NULL)
|
||||
(void) QueryColorDatabase(option,&draw_info->fill,exception);
|
||||
- option=GetImageOption(clone_info,"gravity");
|
||||
+ option=GetImageOption(draw_info->image_info,"gravity");
|
||||
if (option != (const char *) NULL)
|
||||
draw_info->gravity=(GravityType) ParseCommandOption(MagickGravityOptions,
|
||||
MagickFalse,option);
|
||||
- option=GetImageOption(clone_info,"interline-spacing");
|
||||
+ option=GetImageOption(draw_info->image_info,"interline-spacing");
|
||||
if (option != (const char *) NULL)
|
||||
draw_info->interline_spacing=GetDrawValue(option,&next_token);
|
||||
- option=GetImageOption(clone_info,"interword-spacing");
|
||||
+ option=GetImageOption(draw_info->image_info,"interword-spacing");
|
||||
if (option != (const char *) NULL)
|
||||
draw_info->interword_spacing=GetDrawValue(option,&next_token);
|
||||
- option=GetImageOption(clone_info,"kerning");
|
||||
+ option=GetImageOption(draw_info->image_info,"kerning");
|
||||
if (option != (const char *) NULL)
|
||||
draw_info->kerning=GetDrawValue(option,&next_token);
|
||||
- option=GetImageOption(clone_info,"stroke");
|
||||
+ option=GetImageOption(draw_info->image_info,"stroke");
|
||||
if (option != (const char *) NULL)
|
||||
(void) QueryColorDatabase(option,&draw_info->stroke,exception);
|
||||
- option=GetImageOption(clone_info,"strokewidth");
|
||||
+ option=GetImageOption(draw_info->image_info,"strokewidth");
|
||||
if (option != (const char *) NULL)
|
||||
draw_info->stroke_width=GetDrawValue(option,&next_token);
|
||||
- option=GetImageOption(clone_info,"style");
|
||||
+ option=GetImageOption(draw_info->image_info,"style");
|
||||
if (option != (const char *) NULL)
|
||||
draw_info->style=(StyleType) ParseCommandOption(MagickStyleOptions,
|
||||
MagickFalse,option);
|
||||
- option=GetImageOption(clone_info,"undercolor");
|
||||
+ option=GetImageOption(draw_info->image_info,"undercolor");
|
||||
if (option != (const char *) NULL)
|
||||
(void) QueryColorDatabase(option,&draw_info->undercolor,exception);
|
||||
- option=GetImageOption(clone_info,"weight");
|
||||
+ option=GetImageOption(draw_info->image_info,"weight");
|
||||
if (option != (const char *) NULL)
|
||||
{
|
||||
ssize_t
|
||||
@@ -5914,7 +5912,6 @@ MagickExport void GetDrawInfo(const Imag
|
||||
}
|
||||
exception=DestroyExceptionInfo(exception);
|
||||
draw_info->signature=MagickCoreSignature;
|
||||
- clone_info=DestroyImageInfo(clone_info);
|
||||
}
|
||||
|
||||
/*
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/draw.h
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/draw.h
|
||||
@@ -354,6 +354,9 @@ typedef struct _DrawInfo
|
||||
|
||||
char
|
||||
*id;
|
||||
+
|
||||
+ ImageInfo
|
||||
+ *image_info;
|
||||
} DrawInfo;
|
||||
|
||||
typedef struct _PrimitiveInfo
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/image.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/image.c
|
||||
@@ -1008,6 +1008,7 @@ MagickExport ImageInfo *CloneImageInfo(c
|
||||
clone_info->subimage=image_info->scene; /* deprecated */
|
||||
clone_info->subrange=image_info->number_scenes; /* deprecated */
|
||||
clone_info->channel=image_info->channel;
|
||||
+ clone_info->recursion_depth=image_info->recursion_depth;
|
||||
clone_info->debug=IsEventLogging();
|
||||
clone_info->signature=image_info->signature;
|
||||
return(clone_info);
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/image.h
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/image.h
|
||||
@@ -499,6 +499,9 @@ struct _ImageInfo
|
||||
|
||||
MagickBooleanType
|
||||
synchronize;
|
||||
+
|
||||
+ size_t
|
||||
+ recursion_depth; /* recursion detection */
|
||||
};
|
||||
|
||||
extern MagickExport ExceptionType
|
|
@ -0,0 +1,21 @@
|
|||
[Ubuntu note: darw.c file exist in "magick" folder instead of "MagickCore" for
|
||||
this release]
|
||||
From c5b23cbf2119540725e6dc81f4deb25798ead6a4 Mon Sep 17 00:00:00 2001
|
||||
From: Cristy <urban-warrior@imagemagick.org>
|
||||
Date: Mon, 6 Mar 2023 15:26:32 -0500
|
||||
Subject: [PATCH] erecursion detection
|
||||
|
||||
---
|
||||
MagickCore/draw.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/draw.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/draw.c
|
||||
@@ -5444,6 +5444,7 @@ MagickExport MagickBooleanType DrawPrimi
|
||||
if (primitive_info->text == (char *) NULL)
|
||||
break;
|
||||
clone_info=AcquireImageInfo();
|
||||
+ clone_info->recursion_depth=draw_info->image_info->recursion_depth;
|
||||
composite_images=(Image *) NULL;
|
||||
if (LocaleNCompare(primitive_info->text,"data:",5) == 0)
|
||||
composite_images=ReadInlineImage(clone_info,primitive_info->text,
|
|
@ -0,0 +1,56 @@
|
|||
[Ubuntu note: this is backport of the original patch having multiple pre-patch
|
||||
changes]
|
||||
From e30c693b37c3b41723f1469d1226a2c814ca443d Mon Sep 17 00:00:00 2001
|
||||
From: Cristy <urban-warrior@imagemagick.org>
|
||||
Date: Sat, 1 Apr 2023 07:32:01 -0400
|
||||
Subject: [PATCH] possible heap buffer overflow
|
||||
(https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247)
|
||||
|
||||
---
|
||||
coders/tiff.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/tiff.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/tiff.c
|
||||
@@ -1872,12 +1872,8 @@ static Image *ReadTIFFImage(const ImageI
|
||||
/*
|
||||
Convert stripped TIFF image.
|
||||
*/
|
||||
- extent=4*TIFFStripSize(tiff);
|
||||
-#if defined(TIFF_VERSION_BIG)
|
||||
- extent+=image->columns*sizeof(uint64);
|
||||
-#else
|
||||
- extent+=image->columns*sizeof(uint32);
|
||||
-#endif
|
||||
+ extent=MagickMax(sizeof(uint32),(samples_per_pixel+extra_samples)*
|
||||
+ (image->depth+7)/8)*image->columns*rows_per_strip;
|
||||
strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,
|
||||
sizeof(*strip_pixels));
|
||||
if (strip_pixels == (unsigned char *) NULL)
|
||||
@@ -1972,12 +1968,8 @@ static Image *ReadTIFFImage(const ImageI
|
||||
number_pixels=(MagickSizeType) columns*rows;
|
||||
if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
|
||||
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
|
||||
- extent=TIFFTileSize(tiff);
|
||||
-#if defined(TIFF_VERSION_BIG)
|
||||
- extent+=columns*sizeof(uint64);
|
||||
-#else
|
||||
- extent+=columns*sizeof(uint32);
|
||||
-#endif
|
||||
+ extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
|
||||
+ TIFFTileSize(tiff));
|
||||
tile_pixels=(unsigned char *) AcquireQuantumMemory(extent,
|
||||
sizeof(*tile_pixels));
|
||||
if (tile_pixels == (unsigned char *) NULL)
|
||||
@@ -2071,11 +2063,6 @@ static Image *ReadTIFFImage(const ImageI
|
||||
if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse)
|
||||
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
|
||||
number_pixels=(MagickSizeType) image->columns*image->rows;
|
||||
-#if defined(TIFF_VERSION_BIG)
|
||||
- number_pixels+=image->columns*sizeof(uint64);
|
||||
-#else
|
||||
- number_pixels+=image->columns*sizeof(uint32);
|
||||
-#endif
|
||||
generic_info=AcquireVirtualMemory(number_pixels,sizeof(*pixels));
|
||||
if (generic_info == (MemoryInfo *) NULL)
|
||||
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
|
|
@ -0,0 +1,25 @@
|
|||
[Ubuntu note: Backport for this release]
|
||||
From 85a370c79afeb45a97842b0959366af5236e9023 Mon Sep 17 00:00:00 2001
|
||||
From: Cristy <mikayla-grace@urban-warrior.org>
|
||||
Date: Tue, 19 Oct 2021 14:53:41 -0400
|
||||
Subject: [PATCH] fix stack overflow when parsing malicious tiff image
|
||||
|
||||
---
|
||||
ChangeLog | 2 ++
|
||||
coders/tiff.c | 5 +++++
|
||||
2 files changed, 7 insertions(+)
|
||||
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/tiff.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/tiff.c
|
||||
@@ -1970,6 +1970,11 @@ static Image *ReadTIFFImage(const ImageI
|
||||
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
|
||||
extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
|
||||
TIFFTileSize(tiff));
|
||||
+#if defined(TIFF_VERSION_BIG)
|
||||
+ extent+=image->columns*sizeof(uint64);
|
||||
+#else
|
||||
+ extent+=image->columns*sizeof(uint32);
|
||||
+#endif
|
||||
tile_pixels=(unsigned char *) AcquireQuantumMemory(extent,
|
||||
sizeof(*tile_pixels));
|
||||
if (tile_pixels == (unsigned char *) NULL)
|
|
@ -0,0 +1,44 @@
|
|||
[Ubuntu note: just adding the required changes for image-private header file]
|
||||
From ca4b4c6d3471ad2d19ccdf12a7380f0628e3ce77 Mon Sep 17 00:00:00 2001
|
||||
From: Cristy <urban-warrior@imagemagick.org>
|
||||
Date: Thu, 13 Apr 2023 11:42:11 -0400
|
||||
Subject: [PATCH] add additional checks for casting double to size_t
|
||||
|
||||
---
|
||||
coders/histogram.c | 6 ++--
|
||||
coders/jpeg.c | 3 +-
|
||||
coders/pcl.c | 4 +--
|
||||
coders/png.c | 16 +++++-----
|
||||
coders/tiff.c | 4 +--
|
||||
coders/txt.c | 4 +--
|
||||
magick/annotate.c | 8 ++---
|
||||
magick/constitute.c | 2 +-
|
||||
magick/draw.c | 66 ++++++++++++++++++++---------------------
|
||||
magick/effect.c | 8 ++---
|
||||
magick/gem.c | 2 +-
|
||||
magick/geometry.c | 32 ++++++++++----------
|
||||
magick/image-private.h | 38 ++++++++++++++++--------
|
||||
magick/image.c | 20 ++++++-------
|
||||
magick/pixel.c | 12 ++++----
|
||||
magick/profile.c | 8 ++---
|
||||
magick/property.c | 4 +--
|
||||
magick/shear.c | 18 +++++------
|
||||
magick/studio.h | 2 --
|
||||
magick/transform.c | 4 +--
|
||||
magick/visual-effects.c | 40 ++++++++++++-------------
|
||||
wand/drawing-wand.c | 8 ++---
|
||||
wand/studio.h | 2 --
|
||||
23 files changed, 161 insertions(+), 150 deletions(-)
|
||||
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/image-private.h
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/image-private.h
|
||||
@@ -41,6 +41,9 @@ extern "C" {
|
||||
#define MagickSQ1_2 0.70710678118654752440084436210484903928483593768847
|
||||
#define MagickSQ2 1.41421356237309504880168872420969807856967187537695
|
||||
#define MagickSQ2PI 2.50662827463100024161235523934010416269302368164062
|
||||
+#define MAGICK_SIZE_MAX (SIZE_MAX)
|
||||
+#define MAGICK_SSIZE_MAX (SSIZE_MAX)
|
||||
+#define MAGICK_SSIZE_MIN (-(SSIZE_MAX)-1)
|
||||
#define MatteColor "#bdbdbd" /* gray */
|
||||
#define PSDensityGeometry "72.0x72.0"
|
||||
#define PSPageGeometry "612x792"
|
|
@ -0,0 +1,62 @@
|
|||
[Ubuntu note: Just add the required changes from this patch which is to
|
||||
introduce new method called CastDoubleToUnsigned() for this release]
|
||||
From 0b8553cd2042438dde215c7e8cd21e1d7307f813 Mon Sep 17 00:00:00 2001
|
||||
From: Cristy <urban-warrior@imagemagick.org>
|
||||
Date: Sat, 15 Apr 2023 09:44:37 -0400
|
||||
Subject: [PATCH] improved range checking
|
||||
|
||||
---
|
||||
coders/histogram.c | 6 ++--
|
||||
coders/icon.c | 3 +-
|
||||
coders/pcd.c | 1 +
|
||||
coders/pcl.c | 4 +--
|
||||
coders/png.c | 17 +++++-----
|
||||
coders/tiff.c | 4 +--
|
||||
coders/txt.c | 4 +--
|
||||
configure | 4 +--
|
||||
magick/annotate.c | 8 ++---
|
||||
magick/constitute.c | 2 +-
|
||||
magick/draw.c | 66 +++++++++++++++++++--------------------
|
||||
magick/effect.c | 8 ++---
|
||||
magick/gem.c | 2 +-
|
||||
magick/geometry.c | 24 +++++++-------
|
||||
magick/image-private.h | 69 ++++++++++++++++++++++++++++-------------
|
||||
magick/image.c | 20 ++++++------
|
||||
magick/pixel.c | 12 +++----
|
||||
magick/profile.c | 8 ++---
|
||||
magick/property.c | 4 +--
|
||||
magick/shear.c | 18 +++++------
|
||||
magick/transform.c | 4 +--
|
||||
magick/visual-effects.c | 40 ++++++++++++------------
|
||||
wand/drawing-wand.c | 8 ++---
|
||||
23 files changed, 181 insertions(+), 155 deletions(-)
|
||||
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/image-private.h
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/image-private.h
|
||||
@@ -61,6 +61,26 @@ static inline ssize_t CastDoubleToLong(c
|
||||
return((ssize_t) value);
|
||||
}
|
||||
|
||||
+static inline size_t CastDoubleToUnsigned(const double x)
|
||||
+{
|
||||
+ if (IsNaN(x) != 0)
|
||||
+ {
|
||||
+ errno=ERANGE;
|
||||
+ return(0);
|
||||
+ }
|
||||
+ if (floor(x) > ((double) MAGICK_SSIZE_MAX-1))
|
||||
+ {
|
||||
+ errno=ERANGE;
|
||||
+ return((size_t) MAGICK_SIZE_MAX);
|
||||
+ }
|
||||
+ if (ceil(x) < 0.0)
|
||||
+ {
|
||||
+ errno=ERANGE;
|
||||
+ return(0);
|
||||
+ }
|
||||
+ return((size_t) x);
|
||||
+}
|
||||
+
|
||||
static inline double DegreesToRadians(const double degrees)
|
||||
{
|
||||
return((double) (MagickPI*degrees/180.0));
|
|
@ -0,0 +1,281 @@
|
|||
From 133089f716f23ce0b80d89ccc1fd680960235512 Mon Sep 17 00:00:00 2001
|
||||
From: Cristy <urban-warrior@imagemagick.org>
|
||||
Date: Wed, 17 May 2023 21:06:18 -0400
|
||||
Subject: [PATCH] properly cast double to size_t
|
||||
(https://github.com/ImageMagick/ImageMagick/issues/6341)
|
||||
|
||||
---
|
||||
coders/caption.c | 10 +++++-----
|
||||
coders/label.c | 10 +++++-----
|
||||
coders/pcl.c | 4 ++--
|
||||
coders/pdf.c | 4 ++--
|
||||
coders/ps.c | 4 ++--
|
||||
coders/ps2.c | 4 ++--
|
||||
coders/ps3.c | 4 ++--
|
||||
coders/svg.c | 4 ++--
|
||||
magick/annotate.c | 4 ++--
|
||||
magick/draw.c | 8 ++++----
|
||||
magick/geometry.c | 4 ++--
|
||||
magick/shear.c | 10 +++++-----
|
||||
magick/visual-effects.c | 4 ++--
|
||||
13 files changed, 37 insertions(+), 37 deletions(-)
|
||||
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/caption.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/caption.c
|
||||
@@ -154,7 +154,7 @@ static Image *ReadCAPTIONImage(const Ima
|
||||
return(DestroyImageList(image));
|
||||
(void) SetImageProperty(image,"caption",caption);
|
||||
draw_info=CloneDrawInfo(image_info,(DrawInfo *) NULL);
|
||||
- width=(size_t) floor(draw_info->pointsize*strlen(caption)+0.5);
|
||||
+ width=CastDoubleToUnsigned(draw_info->pointsize*strlen(caption)+0.5);
|
||||
if (AcquireMagickResource(WidthResource,width) == MagickFalse)
|
||||
{
|
||||
caption=DestroyString(caption);
|
||||
@@ -239,8 +239,8 @@ static Image *ReadCAPTIONImage(const Ima
|
||||
status=GetMultilineTypeMetrics(image,draw_info,&metrics);
|
||||
if (status == MagickFalse)
|
||||
break;
|
||||
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
|
||||
- height=(size_t) floor(metrics.height+draw_info->interline_spacing+
|
||||
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
|
||||
+ height=CastDoubleToUnsigned(metrics.height+draw_info->interline_spacing+
|
||||
draw_info->stroke_width+0.5);
|
||||
if ((image->columns != 0) && (image->rows != 0))
|
||||
{
|
||||
@@ -267,8 +267,8 @@ static Image *ReadCAPTIONImage(const Ima
|
||||
status=GetMultilineTypeMetrics(image,draw_info,&metrics);
|
||||
if (status == MagickFalse)
|
||||
break;
|
||||
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
|
||||
- height=(size_t) floor(metrics.height+draw_info->interline_spacing+
|
||||
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
|
||||
+ height=CastDoubleToUnsigned(metrics.height+draw_info->interline_spacing+
|
||||
draw_info->stroke_width+0.5);
|
||||
if ((image->columns != 0) && (image->rows != 0))
|
||||
{
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/label.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/label.c
|
||||
@@ -135,7 +135,7 @@ static Image *ReadLABELImage(const Image
|
||||
return(DestroyImageList(image));
|
||||
(void) SetImageProperty(image,"label",label);
|
||||
draw_info=CloneDrawInfo(image_info,(DrawInfo *) NULL);
|
||||
- width=(size_t) floor(draw_info->pointsize*strlen(label)+0.5);
|
||||
+ width=CastDoubleToUnsigned(draw_info->pointsize*strlen(label)+0.5);
|
||||
if (AcquireMagickResource(WidthResource,width) == MagickFalse)
|
||||
{
|
||||
label=DestroyString(label);
|
||||
@@ -174,8 +174,8 @@ static Image *ReadLABELImage(const Image
|
||||
status=GetMultilineTypeMetrics(image,draw_info,&metrics);
|
||||
if (status == MagickFalse)
|
||||
break;
|
||||
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
|
||||
- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5);
|
||||
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
|
||||
+ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5);
|
||||
if ((image->columns != 0) && (image->rows != 0))
|
||||
{
|
||||
if ((width >= image->columns) && (height >= image->rows))
|
||||
@@ -204,8 +204,8 @@ static Image *ReadLABELImage(const Image
|
||||
status=GetMultilineTypeMetrics(image,draw_info,&metrics);
|
||||
if (status == MagickFalse)
|
||||
break;
|
||||
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
|
||||
- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5);
|
||||
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
|
||||
+ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5);
|
||||
if ((image->columns != 0) && (image->rows != 0))
|
||||
{
|
||||
if ((width < image->columns) && (height < image->rows))
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/pcl.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/pcl.c
|
||||
@@ -333,9 +333,9 @@ static Image *ReadPCLImage(const ImageIn
|
||||
image->x_resolution,image->y_resolution);
|
||||
if (image_info->ping != MagickFalse)
|
||||
(void) FormatLocaleString(density,MagickPathExtent,"2.0x2.0");
|
||||
- page.width=(size_t) floor((double) page.width*image->x_resolution/delta.x+
|
||||
+ page.width=CastDoubleToUnsigned((double) page.width*image->x_resolution/delta.x+
|
||||
0.5);
|
||||
- page.height=(size_t) floor((double) page.height*image->y_resolution/delta.y+
|
||||
+ page.height=CastDoubleToUnsigned((double) page.height*image->y_resolution/delta.y+
|
||||
0.5);
|
||||
(void) FormatLocaleString(options,MaxTextExtent,"-g%.20gx%.20g ",(double)
|
||||
page.width,(double) page.height);
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/pdf.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/pdf.c
|
||||
@@ -1587,9 +1587,9 @@ static MagickBooleanType WritePDFImage(c
|
||||
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
|
||||
&geometry.width,&geometry.height);
|
||||
scale.x=(double) (geometry.width*delta.x)/resolution.x;
|
||||
- geometry.width=(size_t) floor(scale.x+0.5);
|
||||
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
|
||||
scale.y=(double) (geometry.height*delta.y)/resolution.y;
|
||||
- geometry.height=(size_t) floor(scale.y+0.5);
|
||||
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
|
||||
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
|
||||
(void) ParseGravityGeometry(image,page_geometry,&page_info,
|
||||
&image->exception);
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/ps.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/ps.c
|
||||
@@ -1502,9 +1502,9 @@ static MagickBooleanType WritePSImage(co
|
||||
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
|
||||
&geometry.width,&geometry.height);
|
||||
scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x;
|
||||
- geometry.width=(size_t) floor(scale.x+0.5);
|
||||
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
|
||||
scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y;
|
||||
- geometry.height=(size_t) floor(scale.y+0.5);
|
||||
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
|
||||
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
|
||||
(void) ParseGravityGeometry(image,page_geometry,&page_info,
|
||||
&image->exception);
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/ps2.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/ps2.c
|
||||
@@ -533,9 +533,9 @@ static MagickBooleanType WritePS2Image(c
|
||||
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
|
||||
&geometry.width,&geometry.height);
|
||||
scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x;
|
||||
- geometry.width=(size_t) floor(scale.x+0.5);
|
||||
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
|
||||
scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y;
|
||||
- geometry.height=(size_t) floor(scale.y+0.5);
|
||||
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
|
||||
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
|
||||
(void) ParseGravityGeometry(image,page_geometry,&page_info,
|
||||
&image->exception);
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/ps3.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/ps3.c
|
||||
@@ -980,9 +980,9 @@ static MagickBooleanType WritePS3Image(c
|
||||
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
|
||||
&geometry.width,&geometry.height);
|
||||
scale.x=PerceptibleReciprocal(resolution.x)*geometry.width*delta.x;
|
||||
- geometry.width=(size_t) floor(scale.x+0.5);
|
||||
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
|
||||
scale.y=PerceptibleReciprocal(resolution.y)*geometry.height*delta.y;
|
||||
- geometry.height=(size_t) floor(scale.y+0.5);
|
||||
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
|
||||
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
|
||||
(void) ParseGravityGeometry(image,page_geometry,&page_info,
|
||||
&image->exception);
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/svg.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/svg.c
|
||||
@@ -2519,10 +2519,10 @@ static void SVGStartElement(void *contex
|
||||
svg_info->view_box=svg_info->bounds;
|
||||
svg_info->width=0;
|
||||
if (svg_info->bounds.width > 0.0)
|
||||
- svg_info->width=(size_t) floor(svg_info->bounds.width+0.5);
|
||||
+ svg_info->width=CastDoubleToUnsigned(svg_info->bounds.width+0.5);
|
||||
svg_info->height=0;
|
||||
if (svg_info->bounds.height > 0.0)
|
||||
- svg_info->height=(size_t) floor(svg_info->bounds.height+0.5);
|
||||
+ svg_info->height=CastDoubleToUnsigned(svg_info->bounds.height+0.5);
|
||||
(void) FormatLocaleFile(svg_info->file,"viewbox 0 0 %.20g %.20g\n",
|
||||
(double) svg_info->width,(double) svg_info->height);
|
||||
sx=PerceptibleReciprocal(svg_info->view_box.width)*svg_info->width;
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/annotate.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/annotate.c
|
||||
@@ -325,7 +325,7 @@ MagickExport MagickBooleanType AnnotateI
|
||||
(void) CloneString(&annotate->text,textlist[i]);
|
||||
if ((metrics.width == 0) || (annotate->gravity != NorthWestGravity))
|
||||
(void) GetTypeMetrics(image,annotate,&metrics);
|
||||
- height=(size_t) floor(metrics.ascent-metrics.descent+0.5);
|
||||
+ height=CastDoubleToUnsigned(metrics.ascent-metrics.descent+0.5);
|
||||
if (height == 0)
|
||||
height=draw_info->pointsize;
|
||||
height+=(size_t) floor(draw_info->interline_spacing+0.5);
|
||||
@@ -610,7 +610,7 @@ MagickExport ssize_t FormatMagickCaption
|
||||
status=GetTypeMetrics(image,draw_info,metrics);
|
||||
if (status == MagickFalse)
|
||||
break;
|
||||
- width=(size_t) floor(metrics->width+draw_info->stroke_width+0.5);
|
||||
+ width=CastDoubleToUnsigned(metrics->width+draw_info->stroke_width+0.5);
|
||||
if (width <= image->columns)
|
||||
continue;
|
||||
if (s != (char *) NULL)
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/draw.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/draw.c
|
||||
@@ -3447,14 +3447,14 @@ static MagickBooleanType RenderMVGConten
|
||||
(void) GetNextToken(q,&q,extent,token);
|
||||
if (*token == ',')
|
||||
(void) GetNextToken(q,&q,extent,token);
|
||||
- bounds.width=(size_t) floor(GetDrawValue(token,&next_token)+
|
||||
+ bounds.width=CastDoubleToUnsigned(GetDrawValue(token,&next_token)+
|
||||
0.5);
|
||||
if (token == next_token)
|
||||
ThrowPointExpectedException(image,token);
|
||||
(void) GetNextToken(q,&q,extent,token);
|
||||
if (*token == ',')
|
||||
(void) GetNextToken(q,&q,extent,token);
|
||||
- bounds.height=(size_t) floor(GetDrawValue(token,&next_token)+
|
||||
+ bounds.height=CastDoubleToUnsigned(GetDrawValue(token,&next_token)+
|
||||
0.5);
|
||||
if (token == next_token)
|
||||
ThrowPointExpectedException(image,token);
|
||||
@@ -3859,14 +3859,14 @@ static MagickBooleanType RenderMVGConten
|
||||
(void) GetNextToken(q,&q,extent,token);
|
||||
if (*token == ',')
|
||||
(void) GetNextToken(q,&q,extent,token);
|
||||
- graphic_context[n]->viewbox.width=(size_t) floor(GetDrawValue(
|
||||
+ graphic_context[n]->viewbox.width=CastDoubleToUnsigned(GetDrawValue(
|
||||
token,&next_token)+0.5);
|
||||
if (token == next_token)
|
||||
ThrowPointExpectedException(image,token);
|
||||
(void) GetNextToken(q,&q,extent,token);
|
||||
if (*token == ',')
|
||||
(void) GetNextToken(q,&q,extent,token);
|
||||
- graphic_context[n]->viewbox.height=(size_t) floor(GetDrawValue(
|
||||
+ graphic_context[n]->viewbox.height=CastDoubleToUnsigned(GetDrawValue(
|
||||
token,&next_token)+0.5);
|
||||
if (token == next_token)
|
||||
ThrowPointExpectedException(image,token);
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/geometry.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/geometry.c
|
||||
@@ -1411,8 +1411,8 @@ MagickExport MagickStatusType ParseMetaG
|
||||
scale.y=geometry_info.sigma;
|
||||
if ((flags & SigmaValue) == 0)
|
||||
scale.y=scale.x;
|
||||
- *width=(size_t) floor(scale.x*former_width/100.0+0.5);
|
||||
- *height=(size_t) floor(scale.y*former_height/100.0+0.5);
|
||||
+ *width=CastDoubleToUnsigned(scale.x*former_width/100.0+0.5);
|
||||
+ *height=CastDoubleToUnsigned(scale.y*former_height/100.0+0.5);
|
||||
former_width=(*width);
|
||||
former_height=(*height);
|
||||
}
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/shear.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/shear.c
|
||||
@@ -166,8 +166,8 @@ static MagickBooleanType CropToFitImage(
|
||||
}
|
||||
geometry.x=CastDoubleToLong(ceil(min.x-0.5));
|
||||
geometry.y=CastDoubleToLong(ceil(min.y-0.5));
|
||||
- geometry.width=(size_t) floor(max.x-min.x+0.5);
|
||||
- geometry.height=(size_t) floor(max.y-min.y+0.5);
|
||||
+ geometry.width=CastDoubleToUnsigned(max.x-min.x+0.5);
|
||||
+ geometry.height=CastDoubleToUnsigned(max.y-min.y+0.5);
|
||||
page=(*image)->page;
|
||||
(void) ParseAbsoluteGeometry("0x0+0+0",&(*image)->page);
|
||||
crop_image=CropImage(*image,&geometry,exception);
|
||||
@@ -1787,9 +1787,9 @@ MagickExport Image *ShearRotateImage(con
|
||||
*/
|
||||
width=integral_image->columns;
|
||||
height=integral_image->rows;
|
||||
- bounds.width=(size_t) floor(fabs((double) height*shear.x)+width+0.5);
|
||||
- bounds.height=(size_t) floor(fabs((double) bounds.width*shear.y)+height+0.5);
|
||||
- shear_width=(size_t) floor(fabs((double) bounds.height*shear.x)+
|
||||
+ bounds.width=CastDoubleToUnsigned(fabs((double) height*shear.x)+width+0.5);
|
||||
+ bounds.height=CastDoubleToUnsigned(fabs((double) bounds.width*shear.y)+height+0.5);
|
||||
+ shear_width=CastDoubleToUnsigned(fabs((double) bounds.height*shear.x)+
|
||||
bounds.width+0.5);
|
||||
bounds.x=CastDoubleToLong(floor((double) ((shear_width > bounds.width) ?
|
||||
width : bounds.width-shear_width+2)/2.0+0.5));
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/magick/visual-effects.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/magick/visual-effects.c
|
||||
@@ -2052,8 +2052,8 @@ MagickExport Image *ShadowImage(const Im
|
||||
(void) SetImageColorspace(clone_image,sRGBColorspace);
|
||||
(void) SetImageVirtualPixelMethod(clone_image,EdgeVirtualPixelMethod);
|
||||
clone_image->compose=OverCompositeOp;
|
||||
- border_info.width=(size_t) floor(2.0*sigma+0.5);
|
||||
- border_info.height=(size_t) floor(2.0*sigma+0.5);
|
||||
+ border_info.width=CastDoubleToUnsigned(2.0*sigma+0.5);
|
||||
+ border_info.height=CastDoubleToUnsigned(2.0*sigma+0.5);
|
||||
border_info.x=0;
|
||||
border_info.y=0;
|
||||
(void) QueryColorDatabase("none",&clone_image->border_color,exception);
|
|
@ -0,0 +1,21 @@
|
|||
From 0d00400727170b0540a355a1bc52787bc7bcdea5 Mon Sep 17 00:00:00 2001
|
||||
From: Cristy <urban-warrior@imagemagick.org>
|
||||
Date: Mon, 26 Jun 2023 19:39:43 -0400
|
||||
Subject: [PATCH] heap-buffer-overflow in ImageMagick <= 7.1.1-12, contributed
|
||||
by Hardik shah of Vehere (Dawn Treaders team)
|
||||
|
||||
---
|
||||
coders/tiff.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- imagemagick-6.9.11.60+dfsg.orig/coders/tiff.c
|
||||
+++ imagemagick-6.9.11.60+dfsg/coders/tiff.c
|
||||
@@ -1968,7 +1968,7 @@ static Image *ReadTIFFImage(const ImageI
|
||||
number_pixels=(MagickSizeType) columns*rows;
|
||||
if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
|
||||
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
|
||||
- extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
|
||||
+ extent=4*(samples_per_pixel+1)*MagickMax((rows+1)*TIFFTileRowSize(tiff),
|
||||
TIFFTileSize(tiff));
|
||||
#if defined(TIFF_VERSION_BIG)
|
||||
extent+=image->columns*sizeof(uint64);
|
|
@ -38,3 +38,12 @@ CVE-2022-28463.patch
|
|||
CVE-2022-32545.patch
|
||||
CVE-2022-32546.patch
|
||||
CVE-2022-32547.patch
|
||||
CVE-2021-3610.patch
|
||||
CVE-2023-1289-prepatch.patch
|
||||
CVE-2023-1289.patch
|
||||
CVE-2023-1906.patch
|
||||
CVE-2023-3195.patch
|
||||
CVE-2023-34151-prepatch.patch
|
||||
CVE-2023-34151-prepatch-2.patch
|
||||
CVE-2023-34151.patch
|
||||
CVE-2023-3428.patch
|
||||
|
|
Loading…
Reference in New Issue