[med-svn] [Git][med-team/xmedcon][debian/bookworm] 2 commits: CVE-2025-2581.patch: new: fix CVE-2025-2581.
Étienne Mollier (@emollier)
gitlab at salsa.debian.org
Sat Mar 22 19:32:12 GMT 2025
Étienne Mollier pushed to branch debian/bookworm at Debian Med / xmedcon
Commits:
e5bd4ce8 by Étienne Mollier at 2025-03-22T19:58:27+01:00
CVE-2025-2581.patch: new: fix CVE-2025-2581.
Closes: #1100986
- - - - -
2d01dcfe by Étienne Mollier at 2025-03-22T20:22:10+01:00
d/changelog: ready for upload to bookworm.
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/CVE-2025-2581.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,10 @@
+xmedcon (0.23.0-gtk3+dfsg-1+deb12u2) bookworm; urgency=medium
+
+ * Team upload.
+ * CVE-2025-2581.patch: new: fix CVE-2025-2581. (Closes: #1100986)
+
+ -- Étienne Mollier <emollier at debian.org> Sat, 22 Mar 2025 19:58:34 +0100
+
xmedcon (0.23.0-gtk3+dfsg-1+deb12u1) bookworm; urgency=medium
* Team upload.
=====================================
debian/patches/CVE-2025-2581.patch
=====================================
@@ -0,0 +1,40 @@
+Description: Check for overflow between size_t and int64_t.
+Author: Erik Nolf
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100986
+Applied-Upstream: e7a88836fc2277f8ab777f3ef24f917d08415559
+Reviewed-by: Étienne Mollier <emollier at debian.org>
+Last-Update: 2025-03-22
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- xmedcon.orig/libs/dicom/single.c
++++ xmedcon/libs/dicom/single.c
+@@ -22,8 +22,9 @@
+ SINGLE *dicom_single(void)
+ {
+ ELEMENT *e;
+- S32 length;
++ S32 length, bytes;
+ U32 i, f;
++ size_t size;
+ char *interpretation[]=
+ {
+ "MONOCHROME2",
+@@ -265,7 +266,17 @@
+ /* eNlf: - allocate an extra 4 bytes, otherwise the bit.c */
+ /* eNlf: routines like source.u++ go beyond the boundaries */
+ /* eNlf: - memset the allocated buffer for sure */
+- data = (U8*)malloc(width*height*pixel*frames+4);
++ bytes = (int64_t)width*height*pixel*frames+4;
++
++ /* check for overflow */
++ size = (size_t)bytes;
++ if ((int64_t)size != bytes) {
++ dicom_log(ERROR,"System size_t too small");
++ return 0L;
++ }
++
++ /* allocate memory */
++ data = (U8*)malloc(bytes);
+ if (!data)
+ {
+ dicom_log(ERROR,"Out of memory");
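Review bot: `bytes` is declared as `S32 length, bytes;` in the first hunk but receives the `(int64_t)width*height*pixel*frames+4` product in the second; unless S32 is a 64-bit type, that assignment truncates the product back to 32 bits before the overflow check runs, so `if ((int64_t)size != bytes)` compares against the already-truncated value and cannot detect the overflow it is meant to catch, and a truncated positive `bytes` still reaches `data = (U8*)malloc(bytes);` with an undersized buffer. Declaring `bytes` as `int64_t` (or `size_t`) instead of `S32` keeps the full-width value for the comparison. The check also relies on the int64_t product itself not wrapping; if the four factors are each 32-bit values their product can exceed the int64_t range, so a checked multiplication (for example `__builtin_mul_overflow`) or a bound on each factor before the multiply would be more robust than the cast round-trip alone.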
=====================================
debian/patches/series
=====================================
@@ -3,3 +3,4 @@ use_debian_packaged_niftilib.patch
cross.patch
typos.patch
CVE-2024-29421.patch
+CVE-2025-2581.patch
View it on GitLab: https://salsa.debian.org/med-team/xmedcon/-/compare/fdbf9bc9c0e26158ba0f5d9415b213ec1e22ebbb...2d01dcfeb6e0867e4b22db5b19fd4e4c9660b509