1 files changed, 27 insertions, 0 deletions
diff --git a/giflib/giflib-5.2.2-security_fixes-1.patch b/giflib/giflib-5.2.2-security_fixes-1.patch
new file mode 100644
index 0000000..b81d28a
--- /dev/null
+++ b/giflib/giflib-5.2.2-security_fixes-1.patch
@@ -0,0 +1,27 @@
+Submitted By:            Douglas R. Reno <renodr at linuxfromscratch dot org>
+Date:                    2025-05-19
+Initial Package Version: 5.2.2
+Upstream Status:         Abandoned
+Origin:                  OpenMandriva (see BLFS Ticket #21574)
+Description:             Fixes several CVEs in giflib that are known to lead to
+                         a heap buffer overflow. The CVEs in question are
+                         CVE-2025-31344, CVE-2024-45993, CVE-2023-48161, and
+                         CVE-2022-28506. The CVEs are all rated High, and are
+                         known to cause crashes with a lower chance of impacts
+                         including arbitrary code execution.
+diff -Naurp giflib-5.2.2.orig/gif2rgb.c giflib-5.2.2/gif2rgb.c
+--- giflib-5.2.2.orig/gif2rgb.c 2024-02-18 21:01:28.000000000 -0600
+++ giflib-5.2.2/gif2rgb.c      2025-05-19 15:23:36.911153908 -0500
+@@ -329,6 +329,11 @@ static void DumpScreen2RGB(char *FileNam
+                        GifRow = ScreenBuffer[i];
+                        GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+                        for (j = 0; j < ScreenWidth; j++) {
+            /* Check if color is within color palete */
+            if (GifRow[j] >= ColorMap->ColorCount) {
+               GIF_EXIT(GifErrorString(
+                   D_GIF_ERR_IMAGE_DEFECT));
+            }
+                                ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+                                Buffers[0][j] = ColorMapEntry->Red;
+                                Buffers[1][j] = ColorMapEntry->Green;

diff --git a/giflib/giflib-5.2.2-security_fixes-1.patch b/giflib/giflib-5.2.2-security_fixes-1.patch new file mode 100644 index 0000000..b81d28a --- /dev/null +++ b/giflib/giflib-5.2.2-security_fixes-1.patch
@@ -0,0 +1,27 @@
	1	Submitted By: Douglas R. Reno <renodr at linuxfromscratch dot org>
	2	Date: 2025-05-19
	3	Initial Package Version: 5.2.2
	4	Upstream Status: Abandoned
	5	Origin: OpenMandriva (see BLFS Ticket #21574)
	6	Description: Fixes several CVEs in giflib that are known to lead to
	7	a heap buffer overflow. The CVEs in question are
	8	CVE-2025-31344, CVE-2024-45993, CVE-2023-48161, and
	9	CVE-2022-28506. The CVEs are all rated High, and are
	10	known to cause crashes with a lower chance of impacts
	11	including arbitrary code execution.
	12
	13	diff -Naurp giflib-5.2.2.orig/gif2rgb.c giflib-5.2.2/gif2rgb.c
	14	--- giflib-5.2.2.orig/gif2rgb.c 2024-02-18 21:01:28.000000000 -0600
	15	+++ giflib-5.2.2/gif2rgb.c 2025-05-19 15:23:36.911153908 -0500
	16	@@ -329,6 +329,11 @@ static void DumpScreen2RGB(char *FileNam
	17	GifRow = ScreenBuffer[i];
	18	GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
	19	for (j = 0; j < ScreenWidth; j++) {
	20	+ /* Check if color is within color palete */
	21	+ if (GifRow[j] >= ColorMap->ColorCount) {
	22	+ GIF_EXIT(GifErrorString(
	23	+ D_GIF_ERR_IMAGE_DEFECT));
	24	+ }
	25	ColorMapEntry = &ColorMap->Colors[GifRow[j]];
	26	Buffers[0][j] = ColorMapEntry->Red;
	27	Buffers[1][j] = ColorMapEntry->Green;