From c807fff10e8aa2c75a1244cf378d43c8d4971837 Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Sat, 15 Nov 2025 11:09:13 +0800
Subject: [PATCH] [CVE] CVE-2025-59800 to #26342 add patch to fix CVE-2025-59800 Project: TC2024080204
Signed-off-by: tomcruiseqi
---
3-bugfix-for-CVE-2025-59800.patch | 32 +++++++++++++++++++++++++++++++
ghostscript.spec | 8 +++++++-
2 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 3-bugfix-for-CVE-2025-59800.patch
diff --git a/3-bugfix-for-CVE-2025-59800.patch b/3-bugfix-for-CVE-2025-59800.patch
new file mode 100644
index 0000000..696f7c2
--- /dev/null
+++ b/3-bugfix-for-CVE-2025-59800.patch
@@ -0,0 +1,32 @@
+From 176cf0188a2294bc307b8caec876f39412e58350 Mon Sep 17 00:00:00 2001
+From: Ken Sharp
+Date: Tue, 1 Jul 2025 10:31:17 +0100
+Subject: [PATCH] PDF OCR 8 bit device - avoid overflow
+
+Bug 708602 "Heap overflow in ocr_line8"
+
+Make sure the calculation of the required raster size does not overflow
+an int.
+---
+ devices/gdevpdfocr.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
+index f27dc11db0..6362f41041 100644
+--- a/devices/gdevpdfocr.c
++++ b/devices/gdevpdfocr.c
+@@ -521,9 +521,12 @@ ocr_line32(gx_device_pdf_image *dev, void *row)
+ static int
+ ocr_begin_page(gx_device_pdf_image *dev, int w, int h, int bpp)
+ {
+- int raster = (w+3)&~3;
++ int64_t raster = (w + 3) & ~3;
+
+- dev->ocr.data = gs_alloc_bytes(dev->memory, raster * h, "ocr_begin_page");
++ raster = raster * (int64_t)h;
++ if (raster < 0 || raster > max_size_t)
++ return gs_note_error(gs_error_VMerror);
++ dev->ocr.data = gs_alloc_bytes(dev->memory, raster, "ocr_begin_page");
+ if (dev->ocr.data == NULL)
+ return_error(gs_error_VMerror);
+ dev->ocr.w = w;
diff --git a/ghostscript.spec b/ghostscript.spec
index 46e8616..08493d1 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
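Review bot: In the embedded fix for `ocr_begin_page`, `(w + 3) & ~3` is still computed in `int` and only its result is widened, so a `w` within 3 of `INT_MAX` overflows (undefined behaviour) before the new 64-bit range check runs; widening first, `int64_t raster = ((int64_t)w + 3) & ~3;`, closes that. The `raster < 0` test also passes when `w` and `h` are both negative, so unless callers guarantee positive dimensions (not visible here) a preceding `if (w <= 0 || h <= 0)` rejection would be safer. After the multiply, `raster` holds the total byte count rather than a row stride; the function continues past the hunk, so confirm nothing later reads it as a stride. Since this is a backport of the upstream commit, these points are best raised upstream rather than changed locally.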
@@ -1,4 +1,4 @@ -%define anolis_release 3 +%define anolis_release 4 %global _hardened_build 1 %global _docdir_fmt %{name} @@ -39,6 +39,9 @@ Patch1: 1-bugfix-for-CVE-2025-59799.patch # https://github.com/ArtifexSoftware/ghostpdl/commit/0cae41b23a9669e801211dd4cf97b6dadd6dbdd7.patch Patch2: 2-bugfix-for-CVE-2025-59798.patch +# https://github.com/ArtifexSoftware/ghostpdl/commit/176cf0188a2294bc307b8caec876f39412e58350.patch +Patch3: 3-bugfix-for-CVE-2025-59800.patch + %description Ghostscript is an interpreter for PostScript® and Portable Document Format (PDF) files. @@ -232,6 +235,9 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/ %changelog +* Sat Nov 15 2025 tomcruiseqi - 10.05.1-4 +- Fix CVE-2025-59800 + * Wed Nov 12 2025 tomcruiseqi - 10.05.1-3 - Fix CVE-2025-59798 -- Gitee
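Review bot: `Patch3:` only declares the patch; whether it is applied depends on the `%prep` section, which is outside these hunks. If `%prep` lists patches explicitly (`%patch1`, `%patch2`) rather than using `%autosetup` or `%autopatch`, a matching line for Patch3 is needed, otherwise the package ships release 4 with the CVE-2025-59800 changelog entry but without the fix. Checking the build log for the patch being applied to `devices/gdevpdfocr.c` confirms it.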