mirror of
https://github.com/openwrt/packages.git
synced 2026-05-31 06:51:51 +08:00
ad6f76e309
Security fixes (18 GHSAs addressed between 7.1.2-1 and 7.1.2-21):
- Fix stack buffer overflow in MagnifyImage (GHSA-rqq8-jh93-f4vg, high)
- Fix heap buffer overflow in WaveletDenoiseImage (GHSA-5ggv-92r5-cp4p)
- Fix uninitialized pointer dereference in JBIG decoder (GHSA-wj8w-pjxf-9g4f, high)
- Fix heap buffer over-write in PNG encoder with large profiles (GHSA-qmw5-2p58-xvrc)
- Fix heap buffer overflow in UHDR encoder (GHSA-h95r-c8c7-mrwx)
- Fix stack buffer overflow in sixel encoder (GHSA-49hx-7656-jpg3)
- Fix heap-buffer-overflow in NewXMLTree XML parsing (GHSA-gc62-2v5p-qpmp)
- Fix heap buffer over-write on 32-bit systems in SFW decoder (GHSA-56jp-jfqg-f8f4)
- Add overflow checks to BMP/DIB, SGI, PS3, JXL, and sixel write paths

Bug fixes:
- Fix double-free in SVG gradientTransform/transform parsing
- Fix NULL pointer dereference in HEIC NCLX color profile allocation
- Fix heap over-read in BilateralBlurImage with even-dimension kernels
- Fix infinite loop when decoding JXL with -limit height/width
- Fix race condition using properties instead of global splaytree

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>