summaryrefslogtreecommitdiffstats
path: root/meta-oe
diff options
context:
space:
mode:
authorGyorgy Sarvari <skandigraun@gmail.com>2026-04-09 19:09:17 +1200
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-04-13 12:40:21 +0530
commit7e723ad1c7bd3a3eeb94e30f3f3b520b50172fe5 (patch)
tree1565e3597fc73691673dc67dab60a9f46772d8ac /meta-oe
parent6d5a42a5e0ae78d7af448da491bad00b26fc3a2d (diff)
downloadmeta-openembedded-7e723ad1c7bd3a3eeb94e30f3f3b520b50172fe5.tar.gz
giflib: patch CVE-2025-31344
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344 Backport the commit that mentions this CVE ID explicitly in its message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-oe')
-rw-r--r--meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch28
-rw-r--r--meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb3
2 files changed, 30 insertions, 1 deletions
diff --git a/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch b/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch
new file mode 100644
index 0000000000..8f52154955
--- /dev/null
+++ b/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch
@@ -0,0 +1,28 @@
1From 949bf7ded2c23449439e2c3e1f63368cf7985800 Mon Sep 17 00:00:00 2001
2From: "Eric S. Raymond" <esr@thyrsus.com>
3Date: Wed, 18 Feb 2026 18:06:50 -0500
4Subject: [PATCH] Resolve SourceForge bug #187: CVE-2025-31344
5
6CVE: CVE-2025-31344
7Upstream-Status: Backport [https://sourceforge.net/p/giflib/code/ci/7bbe8ea1a595bb7509ffa0a86b076e9b720e85af]
8Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
9---
10 gif2rgb.c | 5 +++++
11 1 file changed, 5 insertions(+)
12
13diff --git a/gif2rgb.c b/gif2rgb.c
14index d51226d..4ce2104 100644
15--- a/gif2rgb.c
16+++ b/gif2rgb.c
17@@ -329,6 +329,11 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
18 GifRow = ScreenBuffer[i];
19 GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
20 for (j = 0; j < ScreenWidth; j++) {
21+ /* Check if color is within color palete */
22+ if (GifRow[j] >= ColorMap->ColorCount) {
23+ GIF_EXIT(GifErrorString(
24+ D_GIF_ERR_IMAGE_DEFECT));
25+ }
26 ColorMapEntry = &ColorMap->Colors[GifRow[j]];
27 Buffers[0][j] = ColorMapEntry->Red;
28 Buffers[1][j] = ColorMapEntry->Green;
diff --git a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb
index 8226e9b6c7..c26f3cf160 100644
--- a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb
+++ b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb
@@ -11,7 +11,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz \
11 https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/tree/doc/giflib-logo.gif?format=raw;subdir=${BP}/doc;name=logo;downloadfilename=giflib-logo.gif \ 11 https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/tree/doc/giflib-logo.gif?format=raw;subdir=${BP}/doc;name=logo;downloadfilename=giflib-logo.gif \
12 file://0001-Makefile-fix-typo-in-soname-argument.patch \ 12 file://0001-Makefile-fix-typo-in-soname-argument.patch \
13 file://CVE-2026-23868.patch \ 13 file://CVE-2026-23868.patch \
14" 14 file://CVE-2025-31344.patch \
15 "
15 16
16SRC_URI[logo.sha256sum] = "1a54383986adad1521d00e003b4c482c27e8bc60690be944a1f3319c75abc2c9" 17SRC_URI[logo.sha256sum] = "1a54383986adad1521d00e003b4c482c27e8bc60690be944a1f3319c75abc2c9"
17SRC_URI[sha256sum] = "be7ffbd057cadebe2aa144542fd90c6838c6a083b5e8a9048b8ee3b66b29d5fb" 18SRC_URI[sha256sum] = "be7ffbd057cadebe2aa144542fd90c6838c6a083b5e8a9048b8ee3b66b29d5fb"