diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-01-27 07:50:17 +0100 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2026-01-30 23:59:10 -0800 |
| commit | 5dddc4f5200f512ec44cc12596358a825a31149e (patch) | |
| tree | cdaec57287ef10541a5fd6a7850af95e04a0498c /meta-oe/recipes-graphics | |
| parent | 922de306a6578d5317fe05845f04465a6e9d14cc (diff) | |
| download | meta-openembedded-5dddc4f5200f512ec44cc12596358a825a31149e.tar.gz | |
fontforge: patch CVE-2025-15275
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15275
Pick the patch that mentions this vulnerability ID explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-graphics')
| -rw-r--r-- | meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch | 34 | ||||
| -rw-r--r-- | meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch new file mode 100644 index 0000000000..d3d00fd9ac --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | From 8aed4d992db246a537d07862f31dd04698c3f7e2 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 3 | Date: Fri, 9 Jan 2026 16:58:23 +0100 | ||
| 4 | Subject: [PATCH] Fix CVE-2025-15275: Heap buffer overflow in SFD image parsing | ||
| 5 | (#5721) | ||
| 6 | |||
| 7 | From: Ahmet Furkan Kavraz <55850855+ahmetfurkankavraz@users.noreply.github.com> | ||
| 8 | |||
| 9 | Fixes: CVE-2025-15275 | ZDI-25-1189 | ZDI-CAN-28543 | ||
| 10 | |||
| 11 | Co-authored-by: Ahmet Furkan Kavraz <kavraz@amazon.com> | ||
| 12 | |||
| 13 | CVE: CVE-2025-15275 | ||
| 14 | Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/7195402701ace7783753ef9424153eff48c9af44] | ||
| 15 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 16 | --- | ||
| 17 | fontforge/sfd.c | 4 ++++ | ||
| 18 | 1 file changed, 4 insertions(+) | ||
| 19 | |||
| 20 | diff --git a/fontforge/sfd.c b/fontforge/sfd.c | ||
| 21 | index 149941148..e19d3a30f 100644 | ||
| 22 | --- a/fontforge/sfd.c | ||
| 23 | +++ b/fontforge/sfd.c | ||
| 24 | @@ -3585,6 +3585,10 @@ static ImageList *SFDGetImage(FILE *sfd) { | ||
| 25 | getint(sfd,&image_type); | ||
| 26 | getint(sfd,&bpl); | ||
| 27 | getint(sfd,&clutlen); | ||
| 28 | + if ( clutlen < 0 || clutlen > 256 ) { | ||
| 29 | + LogError(_("Invalid clut length %d in sfd file, must be between 0 and 256"), clutlen); | ||
| 30 | + return NULL; | ||
| 31 | + } | ||
| 32 | gethex(sfd,&trans); | ||
| 33 | image = GImageCreate(image_type,width,height); | ||
| 34 | base = image->list_len==0?image->u.image:image->u.images[0]; | ||
diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb index e6533079d5..4203c1ef58 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20251009.bb | |||
| @@ -20,6 +20,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https;tag=$ | |||
| 20 | file://0001-cmake-Use-alternate-way-to-detect-libm.patch \ | 20 | file://0001-cmake-Use-alternate-way-to-detect-libm.patch \ |
| 21 | file://CVE-2025-15279-1.patch \ | 21 | file://CVE-2025-15279-1.patch \ |
| 22 | file://CVE-2025-15279-2.patch \ | 22 | file://CVE-2025-15279-2.patch \ |
| 23 | file://CVE-2025-15275.patch \ | ||
| 23 | " | 24 | " |
| 24 | 25 | ||
| 25 | EXTRA_OECMAKE = "-DENABLE_DOCS=OFF" | 26 | EXTRA_OECMAKE = "-DENABLE_DOCS=OFF" |