[freeimage] 01/03: Fix integer overflow in the ljpeg_start function CVE-2015-3885. (Closes: #786790)

Anton Gladky gladk at moszumanska.debian.org
Mon Jan 18 07:35:38 UTC 2016 

This is an automated email from the git hooks/post-receive script.

gladk pushed a commit to branch debian/jessie
in repository freeimage.

commit f51f898035ef1520920ba2fb8946ae7d5e1c4e8d
Author: Anton Gladky <gladk at debian.org>
Date:   Thu Oct 29 23:14:50 2015 +0100

    Fix integer overflow in the ljpeg_start function CVE-2015-3885. (Closes: #786790)
---
 .../fix_Integer_overflow_in_ljpeg_start.patch      | 34 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 35 insertions(+)

diff --git a/debian/patches/fix_Integer_overflow_in_ljpeg_start.patch b/debian/patches/fix_Integer_overflow_in_ljpeg_start.patch
new file mode 100644
index 0000000..3b84e80
--- /dev/null
+++ b/debian/patches/fix_Integer_overflow_in_ljpeg_start.patch
@@ -0,0 +1,34 @@
+Description: Fix integer overflow in the ljpeg_start function in dcraw
+Author: Alex Tutubalin <lexa at lexa.ru>
+Bug-Debian: https://bugs.debian.org/786790
+Origin: https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
+        https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
+Bug: https://security-tracker.debian.org/tracker/CVE-2015-3885
+Bug: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885
+Reviewed-By: Anton Gladky <gladk at debian.org>
+Last-Update: 2015-10-29
+
+--- freeimage-3.15.4.orig/Source/LibRawLite/dcraw/dcraw.c
++++ freeimage-3.15.4/Source/LibRawLite/dcraw/dcraw.c
+@@ -768,7 +768,8 @@ struct jhead {
+ 
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+-  int c, tag, len;
++  int c, tag;
++  ushort len;
+   uchar data[0x10000];
+   const uchar *dp;
+ 
+--- freeimage-3.15.4.orig/Source/LibRawLite/internal/dcraw_common.cpp
++++ freeimage-3.15.4/Source/LibRawLite/internal/dcraw_common.cpp
+@@ -630,7 +630,8 @@ void CLASS canon_compressed_load_raw()
+ 
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+-  int c, tag, len;
++  int c, tag;
++  ushort len;
+   uchar data[0x10000];
+   const uchar *dp;
+ 
diff --git a/debian/patches/series b/debian/patches/series
index bd4223a..72d1912 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ tag_truncation.patch
 fix-big-endian-detection.patch
 build_using_libjpeg62_transupp.c.patch
 fix_integer_overflow.patch
+fix_Integer_overflow_in_ljpeg_start.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-science/packages/freeimage.git

More information about the debian-science-commits mailing list