diff --git a/SOURCES/advancecomp-1.15-CVE-2019-9210-integer-overflow-in-png_compress.patch b/SOURCES/advancecomp-1.15-CVE-2019-9210-integer-overflow-in-png_compress.patch new file mode 100644 index 0000000..6ac6439 --- /dev/null +++ b/SOURCES/advancecomp-1.15-CVE-2019-9210-integer-overflow-in-png_compress.patch @@ -0,0 +1,15 @@ +diff -up advancecomp-1.15/lib/png.c.me advancecomp-1.15/lib/png.c +--- advancecomp-1.15/lib/png.c.me 2019-06-11 13:17:33.265490986 +0200 ++++ advancecomp-1.15/lib/png.c 2019-06-11 13:21:50.655818111 +0200 +@@ -656,6 +656,11 @@ adv_error adv_png_read_ihdr( + } + *pix_pixel = pixel; + ++ if (width_align < width) { ++ error_unsupported_set("Invalid image size"); ++ goto err; ++ } ++ + if (data[10] != 0) { /* compression */ + error_unsupported_set("Unsupported compression, %d instead of 0", (unsigned)data[10]); + goto err; diff --git a/SPECS/advancecomp.spec b/SPECS/advancecomp.spec index dc86cb8..3068853 100644 --- a/SPECS/advancecomp.spec +++ b/SPECS/advancecomp.spec @@ -1,13 +1,14 @@ Summary: Recompression utilities for .PNG, .MNG and .ZIP files Name: advancecomp Version: 1.15 -Release: 21%{?dist} +Release: 22%{?dist} License: GPLv2+ Group: Applications/Emulators URL: http://advancemame.sourceforge.net/ Source: http://downloads.sf.net/advancemame/advancecomp-%{version}.tar.gz Patch0: advancecomp-1.15-CVE-2019-8379.patch Patch1: advancecomp-1.15-CVE-2019-8383.patch +Patch2: advancecomp-1.15-CVE-2019-9210-integer-overflow-in-png_compress.patch BuildRequires: zlib-devel %description @@ -21,7 +22,7 @@ The main features are : %setup -q %patch0 -p1 -b .CVE-2019-8379 %patch1 -p1 -b .CVE-2019-8383 - +%patch2 -p1 -b .CVE-2019-9210-integer-overflow-in-png_compress %build %configure @@ -40,6 +41,9 @@ make install DESTDIR=%{buildroot} %changelog +* Mon Jul 29 2019 Than Ngo - 1.15-22 +- Resolves: #1686115, integer overflow in png_compress + * Fri May 17 2019 Than Ngo - 1.15-21 - Resolves: #1711051, CVE-2019-8383 denial of service - Resolves: #1710910, CVE-2019-8379 null pointer dereference