diff options
| author | Ankur Tyagi <ankur.tyagi85@gmail.com> | 2026-05-13 17:04:47 +1200 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2026-05-21 08:57:46 +0530 |
| commit | 100da99a04bff89f53822c220e223298cb780f66 (patch) | |
| tree | e1ff040d4609839ca85faa2ee5c72772544bbbf1 | |
| parent | 49a682f2eda7d3405347fe9665d435b04fd9cfa3 (diff) | |
| download | meta-openembedded-100da99a04bff89f53822c220e223298cb780f66.tar.gz | |
lcms: patch CVE-2026-42798
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-42798
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
| -rw-r--r-- | meta-oe/recipes-support/lcms/lcms/CVE-2026-42798.patch | 38 | ||||
| -rw-r--r-- | meta-oe/recipes-support/lcms/lcms_2.16.bb | 1 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/lcms/lcms/CVE-2026-42798.patch b/meta-oe/recipes-support/lcms/lcms/CVE-2026-42798.patch new file mode 100644 index 0000000000..1fc3b0ca6d --- /dev/null +++ b/meta-oe/recipes-support/lcms/lcms/CVE-2026-42798.patch | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | From e5638450eafbe2e79b4dbbf9fcbc47998cf35427 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Marti Maria <marti.maria@littlecms.com> | ||
| 3 | Date: Thu, 19 Feb 2026 08:48:50 +0100 | ||
| 4 | Subject: [PATCH] Fix for ParseCube integer overflow in LUT allocation | ||
| 5 | |||
| 6 | thanks to @zerojackyi for reporting | ||
| 7 | |||
| 8 | (cherry picked from commit 6a686019825a89b715d16671f18d049523354176) | ||
| 9 | |||
| 10 | CVE: CVE-2026-42798 | ||
| 11 | Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/6a686019825a89b715d16671f18d049523354176] | ||
| 12 | Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> | ||
| 13 | --- | ||
| 14 | src/cmscgats.c | 11 ++++++++++- | ||
| 15 | 1 file changed, 10 insertions(+), 1 deletion(-) | ||
| 16 | |||
| 17 | diff --git a/src/cmscgats.c b/src/cmscgats.c | ||
| 18 | index bccbf58..b099331 100644 | ||
| 19 | --- a/src/cmscgats.c | ||
| 20 | +++ b/src/cmscgats.c | ||
| 21 | @@ -3128,7 +3128,16 @@ cmsBool ParseCube(cmsIT8* cube, cmsStage** Shaper, cmsStage** CLUT, char title[] | ||
| 22 | |||
| 23 | if (lut_size > 0) { | ||
| 24 | |||
| 25 | - int nodes = lut_size * lut_size * lut_size; | ||
| 26 | + int nodes; | ||
| 27 | + | ||
| 28 | + /** | ||
| 29 | + * Professional LUT‑generation tools (e.g., Nobe LutBake) list 65×65×65 as their highest supported size. | ||
| 30 | + */ | ||
| 31 | + if (lut_size > 65) | ||
| 32 | + return SynError(cube, "LUT size '%d' is over maximum of 65", lut_size); | ||
| 33 | + | ||
| 34 | + nodes = lut_size * lut_size * lut_size; | ||
| 35 | + | ||
| 36 | |||
| 37 | cmsFloat32Number* lut_table = _cmsMalloc(cube->ContextID, nodes * 3 * sizeof(cmsFloat32Number)); | ||
| 38 | if (lut_table == NULL) return FALSE; | ||
diff --git a/meta-oe/recipes-support/lcms/lcms_2.16.bb b/meta-oe/recipes-support/lcms/lcms_2.16.bb index 8a70572907..7544e83578 100644 --- a/meta-oe/recipes-support/lcms/lcms_2.16.bb +++ b/meta-oe/recipes-support/lcms/lcms_2.16.bb | |||
| @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e9ce323c4b71c943a785db90142b228a" | |||
| 6 | SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz \ | 6 | SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz \ |
| 7 | file://CVE-2026-41254_1.patch \ | 7 | file://CVE-2026-41254_1.patch \ |
| 8 | file://CVE-2026-41254_2.patch \ | 8 | file://CVE-2026-41254_2.patch \ |
| 9 | file://CVE-2026-42798.patch \ | ||
| 9 | " | 10 | " |
| 10 | SRC_URI[sha256sum] = "d873d34ad8b9b4cea010631f1a6228d2087475e4dc5e763eb81acc23d9d45a51" | 11 | SRC_URI[sha256sum] = "d873d34ad8b9b4cea010631f1a6228d2087475e4dc5e763eb81acc23d9d45a51" |
| 11 | 12 | ||
