rpms/libtiff
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2022-48281

Browse Source 
Resolves: CVE-2022-48281
This commit is contained in:
Matej Mužila 2023-05-16 14:38:20 +02:00
parent efa531dac8
commit 3fb83b8c99
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
0037-CVE-2022-48281-tiffcrop-Correct-simple-copy-paste-er.patch Normal file
View File

@ -0,0 +1,24 @@
From 72bbfc1ecd58f7732946719a0aeb2070f056bb6f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Mu=C5=BEila?= <mmuzila@redhat.com>
Date: Tue, 16 May 2023 13:04:55 +0200
Subject: [PATCH] (CVE-2022-48281) tiffcrop: Correct simple copy paste error.
Fix #488.
(cherry picked from commit d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5)
---
tools/tiffcrop.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index 848b2b49..7f738d91 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -7537,7 +7537,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
crop_buff = (unsigned char *)_TIFFmalloc(cropsize);
else
{
- prev_cropsize = seg_buffs[0].size;
+ prev_cropsize = seg_buffs[i].size;
if (prev_cropsize < cropsize)
{
next_buff = _TIFFrealloc(crop_buff, cropsize);

7
libtiff.spec
View File

@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files Summary: Library of functions for manipulating TIFF format image files
Name: libtiff Name: libtiff
Version: 4.0.9 Version: 4.0.9
Release: 27%{?dist} Release: 28%{?dist}
License: libtiff License: libtiff
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.simplesystems.org/libtiff/ URL: http://www.simplesystems.org/libtiff/
@ -47,6 +47,7 @@ Patch0033: 0033-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch
Patch0034: 0034-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch Patch0034: 0034-CVE-2022-2519-CVE-2022-2520-CVE-2022-2521-CVE-2022-2.patch
Patch0035: 0035-CVE-2022-3597-CVE-2022-3626-CVE-2022-3627-tiffcrop-d.patch Patch0035: 0035-CVE-2022-3597-CVE-2022-3626-CVE-2022-3627-tiffcrop-d.patch
Patch0036: 0036-CVE-2022-3970-TIFFReadRGBATileExt-fix-unsigned-integ.patch Patch0036: 0036-CVE-2022-3970-TIFFReadRGBATileExt-fix-unsigned-integ.patch
Patch0037: 0037-CVE-2022-48281-tiffcrop-Correct-simple-copy-paste-er.patch
BuildRequires: gcc, gcc-c++ BuildRequires: gcc, gcc-c++
@ -201,6 +202,10 @@ find html -name 'Makefile*' | xargs rm
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Tue May 16 2023 Matej Mužila <mmuzila@redhat.com> - 4.0.9-28
- Fix CVE-2022-48281
- Resolves: CVE-2022-48281
* Mon Jan 16 2023 Matej Mužila <mmuzila@redhat.com> - 4.0.9-27 * Mon Jan 16 2023 Matej Mužila <mmuzila@redhat.com> - 4.0.9-27
- Fix various CVEs - Fix various CVEs
- Resolves: CVE-2022-3627 CVE-2022-3970 - Resolves: CVE-2022-3627 CVE-2022-3970