Fix CVE-2022-48281

Resolves: CVE-2022-48281
2023-05-16 14:38:20 +02:00 · 2023-05-16 14:38:20 +02:00 · 3fb83b8c99
commit 3fb83b8c99
parent efa531dac8
2 changed files with 30 additions and 1 deletions
--- a/0037-CVE-2022-48281-tiffcrop-Correct-simple-copy-paste-er.patch
+++ b/0037-CVE-2022-48281-tiffcrop-Correct-simple-copy-paste-er.patch
@ -0,0 +1,24 @@
+From 72bbfc1ecd58f7732946719a0aeb2070f056bb6f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Matej=20Mu=C5=BEila?= <mmuzila@redhat.com>
+Date: Tue, 16 May 2023 13:04:55 +0200
+Subject: [PATCH] (CVE-2022-48281) tiffcrop: Correct simple copy paste error.
+ Fix #488.
+
+(cherry picked from commit d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5)
+---
+ tools/tiffcrop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 848b2b49..7f738d91 100644
+--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
+@@ -7537,7 +7537,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+         crop_buff = (unsigned char *)_TIFFmalloc(cropsize);
+       else
+         {
+-        prev_cropsize = seg_buffs[0].size;
+        prev_cropsize = seg_buffs[i].size;
+         if (prev_cropsize < cropsize)
+           {
+           next_buff = _TIFFrealloc(crop_buff, cropsize);
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,7 +1,7 @@
 Summary:       Library of functions for manipulating TIFF format image files
 Name:          libtiff
 Version:       4.0.9
-Release:       27%{?dist}
+Release:       28%{?dist}
 License:       libtiff
 Group:         System Environment/Libraries
 URL:           http://www.simplesystems.org/libtiff/
@ -47,6 +47,7 @@ Patch0033: 0033-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch
 Patch0034: 0034-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch
 Patch0035: 0035-CVE-2022-3597-CVE-2022-3626-CVE-2022-3627-tiffcrop-d.patch
 Patch0036: 0036-CVE-2022-3970-TIFFReadRGBATileExt-fix-unsigned-integ.patch
+Patch0037: 0037-CVE-2022-48281-tiffcrop-Correct-simple-copy-paste-er.patch


 BuildRequires: gcc, gcc-c++
@ -201,6 +202,10 @@ find html -name 'Makefile*' | xargs rm
 %{_mandir}/man1/*

 %changelog
+* Tue May 16 2023 Matej Mužila <mmuzila@redhat.com> - 4.0.9-28
+- Fix CVE-2022-48281
+- Resolves: CVE-2022-48281
+
 * Mon Jan 16 2023 Matej Mužila <mmuzila@redhat.com> - 4.0.9-27
 - Fix various CVEs
 - Resolves: CVE-2022-3627 CVE-2022-3970