diff --git a/patches/libz/CVE-2022-37434.patch b/patches/libz/CVE-2022-37434.patch new file mode 100644 index 0000000..b6f5e2e --- /dev/null +++ b/patches/libz/CVE-2022-37434.patch @@ -0,0 +1,15 @@ +diff -ru libz-1.2.8.2015.12.26.orig/inflate.c libz-1.2.8.2015.12.26/inflate.c +--- libz-1.2.8.2015.12.26.orig/inflate.c 2015-12-21 23:37:02.000000000 +0100 ++++ libz-1.2.8.2015.12.26/inflate.c 2022-10-27 11:32:39.403516533 +0200 +@@ -595,8 +595,9 @@ + if (copy > have) copy = have; + if (copy) { + if (state->head != NULL && +- state->head->extra != NULL) { +- len = state->head->extra_len - state->length; ++ state->head->extra != NULL && ++ (len = state->head->extra_max - state->length) < ++ state->head->extra_max) { + memcpy(state->head->extra + len, next, + len + copy > state->head->extra_max ? + state->head->extra_max - len : copy);