[AUTO-CHERRYPICK] Patch giflib for CVE-2025-31344 [HIGH] - branch main (#13489)

CBL-Mariner-Bot · realsdx · web-flow · commit 146939ee3a6f · 2025-04-21T15:30:20.000-04:00
Co-authored-by: Sudipta Pandit &lt;sudpandit@microsoft.com&gt;
diff --git a/SPECS/giflib/CVE-2025-31344.patch b/SPECS/giflib/CVE-2025-31344.patch
@@ -0,0 +1,29 @@
+From a4f400bf6fc39436d21ea9ca30d299ae44988a6d Mon Sep 17 00:00:00 2001
+From: Sudipta Pandit <sudpandit@microsoft.com>
+Date: Wed, 16 Apr 2025 03:03:51 +0530
+Subject: [PATCH] Fix CVE-2025-31344
+
+Upstream ref: https://gitee.com/src-openeuler/giflib/blob/2c10c1abf8ff2e88b1da04e050bb721487b73fa3/Fix-heap-buffer-overflow.patch
+
+---
+ gif2rgb.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/gif2rgb.c b/gif2rgb.c
+index 8d7c0ff..2032604 100644
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -317,6 +317,10 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
+             GifRow = ScreenBuffer[i];
+             GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+             for (j = 0; j < ScreenWidth; j++) {
++                /* Check if color is within color palate */
++                if (GifRow[j] >= ColorMap->ColorCount) {
++                  GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++                }
+                 ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+                 Buffers[0][j] = ColorMapEntry->Red;
+                 Buffers[1][j] = ColorMapEntry->Green;
+-- 
+2.34.1
+
diff --git a/SPECS/giflib/giflib.spec b/SPECS/giflib/giflib.spec
@@ -1,7 +1,7 @@
 Name:           giflib
 Summary:        A library and utilities for processing GIFs
 Version:        5.2.1
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -12,6 +12,7 @@ Patch0:         giflib_quantize.patch
 Patch1:         CVE-2023-48161.patch
 Patch2:         CVE-2022-28506.patch
 Patch3:         CVE-2023-39742.patch
+Patch4:         CVE-2025-31344.patch
 BuildRequires:  gcc
 BuildRequires:  make
 BuildRequires:  xmlto
@@ -62,6 +63,9 @@ find %{buildroot} -name '*.a' -print -delete
 %{_mandir}/man1/*.1*
 
 %changelog
+* Tue Apr 15 2025 Sudipta Pandit <sudpandit@microsoft.com> - 5.2.1-9
+- Patch CVE-2025-31344
+
 * Fri Feb 14 2024 Kevin Lockwood <v-klockwood@microsoft.com> - 5.2.1-8
 - Patch CVE-2023-39742
 
