Sisyphus repository
Last update: 1 october 2023 | SRPMs: 18631 | Visits: 37478088
en ru br
ALT Linux repos
D:3.0-alt1
5.0: 2.0-alt5
4.1: 2.0-alt4
4.0: 2.0-alt3
3.0: 2.0-alt2.1

Group :: Publishing
RPM: tetex

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs and FR  Repocop 

Patch: teTeX-CVE-2004-1125.patch
Download

diff -Nur tetex-bin-2.0.2/libs/xpdf/xpdf/Gfx.cc tetex-bin-2.0.2.new/libs/xpdf/xpdf/Gfx.cc
--- tetex-bin-2.0.2/libs/xpdf/xpdf/Gfx.cc	2002-12-06 00:44:32.000000000 +0100
+++ tetex-bin-2.0.2.new/libs/xpdf/xpdf/Gfx.cc	2004-12-22 16:25:20.343244344 +0100
@@ -2381,7 +2381,7 @@
     haveMask = gFalse;
     dict->lookup("Mask", &maskObj);
     if (maskObj.isArray()) {
-      for (i = 0; i < maskObj.arrayGetLength(); ++i) {
+      for (i = 0; i < maskObj.arrayGetLength() && i < 2*gfxColorMaxComps; ++i) {
 	maskObj.arrayGet(i, &obj1);
 	maskColors[i] = obj1.getInt();
 	obj1.free();
diff -Nur tetex-bin-2.0.2/libs/xpdf/xpdf/GfxState.cc tetex-bin-2.0.2.new/libs/xpdf/xpdf/GfxState.cc
--- tetex-bin-2.0.2/libs/xpdf/xpdf/GfxState.cc	2003-01-07 17:33:35.000000000 +0100
+++ tetex-bin-2.0.2.new/libs/xpdf/xpdf/GfxState.cc	2004-12-22 16:26:39.536205184 +0100
@@ -708,6 +708,11 @@
   }
   nCompsA = obj2.getInt();
   obj2.free();
+  if (nCompsA > gfxColorMaxComps) {
+    error(-1, "ICCBased color space with too many (%d > %d) components",
+        nCompsA, gfxColorMaxComps);
+    nCompsA = gfxColorMaxComps;
+  }
   if (dict->lookup("Alternate", &obj2)->isNull() ||
       !(altA = GfxColorSpace::parse(&obj2))) {
     switch (nCompsA) {
 
design & coding: Vladimir Lettiev aka crux © 2004-2005, Andrew Avramenko aka liks © 2007-2008
current maintainer: Michael Shigorin