[kirkstone,12/24] ghostscript: patch CVE-2025-59800

Message ID	5109fd6675b6782f10f86f774fe54b6ccecee415.1760038088.git.steve@sakoman.com
State	New
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.172, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 12/24] ghostscript: patch CVE-2025-59800 Date: Thu, 9 Oct 2025 12:30:56 -0700 Message-ID: <5109fd6675b6782f10f86f774fe54b6ccecee415.1760038088.git.steve@sakoman.com> In-Reply-To: <cover.1760038088.git.steve@sakoman.com> References: <cover.1760038088.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/24] libxml2: fix CVE-2025-9714 \| expand [kirkstone,01/24] libxml2: fix CVE-2025-9714 [kirkstone,02/24] gstreamer1.0-plugins-bad: Fix CVE-2025-3887 [kirkstone,03/24] busybox: patch CVE-2025-46394 [kirkstone,04/24] libxslt: Patch for CVE-2025-7424 [kirkstone,05/24] tiff: Fix CVE-2025-8961 [kirkstone,06/24] tiff: Fix CVE-2025-9165 [kirkstone,07/24] gstreamer1.0: ignore CVEs fixed in plugins [kirkstone,08/24] gstreamer1.0: ignore CVE-2025-2759 [kirkstone,09/24] grub: ignore CVE-2024-2312 [kirkstone,10/24] ghostscript: patch CVE-2025-59798 [kirkstone,11/24] ghostscript: patch CVE-2025-59799 [kirkstone,12/24] ghostscript: patch CVE-2025-59800 [kirkstone,13/24] pulseaudio: ignore CVE-2024-11586 [kirkstone,14/24] ffmpeg: ignore CVE-2023-6603 [kirkstone,15/24] ffmpeg: mark CVE-2023-6601 as patched [kirkstone,16/24] go: fix CVE-2025-47906 [kirkstone,17/24] scripts/install-buildtools: Update to 4.0.30 [kirkstone,18/24] openssl: upgrade 3.0.17 -> 3.0.18 [kirkstone,19/24] glibc: stable 2.35 branch updates [kirkstone,20/24] systemd: backport fix for handle USE_NLS from master [kirkstone,21/24] p11-kit: backport fix for handle USE_NLS from master [kirkstone,22/24] conf/bitbake.conf: use gnu mirror instead of main server [kirkstone,23/24] selftest/cases/meta_ide.py: use use gnu mirror instead of main server [kirkstone,24/24] oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server

Message ID

5109fd6675b6782f10f86f774fe54b6ccecee415.1760038088.git.steve@sakoman.com

State

New

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 12/24] ghostscript: patch CVE-2025-59800
Date: Thu,  9 Oct 2025 12:30:56 -0700
Message-ID: 
 <5109fd6675b6782f10f86f774fe54b6ccecee415.1760038088.git.steve@sakoman.com>
In-Reply-To: <cover.1760038088.git.steve@sakoman.com>
References: <cover.1760038088.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/24] libxml2: fix CVE-2025-9714 | expand

Commit Message

Steve Sakoman Oct. 9, 2025, 7:30 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Pick commit mentioned in the NVD report.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ghostscript/CVE-2025-59800.patch          | 36 +++++++++++++++++++
 .../ghostscript/ghostscript_9.55.0.bb         |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
new file mode 100644
index 0000000000..5d50865271
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2025-59800.patch
@@ -0,0 +1,36 @@ 
+From 176cf0188a2294bc307b8caec876f39412e58350 Mon Sep 17 00:00:00 2001
+From: Ken Sharp <Ken.Sharp@artifex.com>
+Date: Tue, 1 Jul 2025 10:31:17 +0100
+Subject: [PATCH] PDF OCR 8 bit device - avoid overflow
+
+Bug 708602 "Heap overflow in ocr_line8"
+
+Make sure the calculation of the required raster size does not overflow
+an int.
+
+CVE: CVE-2025-59800
+Upstream-Status: Backport [https://github.com/ArtifexSoftware/ghostpdl/commit/176cf0188a2294bc307b8caec876f39412e58350]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ devices/gdevpdfocr.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/devices/gdevpdfocr.c b/devices/gdevpdfocr.c
+index f27dc11db..6362f4104 100644
+--- a/devices/gdevpdfocr.c
++++ b/devices/gdevpdfocr.c
+@@ -521,9 +521,12 @@ ocr_line32(gx_device_pdf_image *dev, void *row)
+ static int
+ ocr_begin_page(gx_device_pdf_image *dev, int w, int h, int bpp)
+ {
+-    int raster = (w+3)&~3;
++    int64_t raster = (w + 3) & ~3;
+ 
+-    dev->ocr.data = gs_alloc_bytes(dev->memory, raster * h, "ocr_begin_page");
++    raster = raster * (int64_t)h;
++    if (raster < 0 || raster > max_size_t)
++        return gs_note_error(gs_error_VMerror);
++    dev->ocr.data = gs_alloc_bytes(dev->memory, raster, "ocr_begin_page");
+     if (dev->ocr.data == NULL)
+         return_error(gs_error_VMerror);
+     dev->ocr.w = w;
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 349c007e94..b8195e3eff 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -78,6 +78,7 @@  SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
                 file://CVE-2025-48708.patch \
                 file://CVE-2025-59798.patch \
                 file://CVE-2025-59799.patch \
+                file://CVE-2025-59800.patch \
 "
 
 SRC_URI = "${SRC_URI_BASE} \

[kirkstone,12/24] ghostscript: patch CVE-2025-59800

Commit Message

Patch