parent
c8be182a6a
commit
55b6eaeda7
|
@ -0,0 +1,36 @@
|
|||
From af4ee2276bfb9cfdd1809326604ead5a405735be Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Matej=20Mu=C5=BEila?= <mmuzila@redhat.com>
|
||||
Date: Thu, 8 Jun 2023 14:10:59 +0200
|
||||
Subject: [PATCH] (CVE-2023-2731) LZWDecode(): avoid crash when trying to read
|
||||
again from a strip whith a missing end-of-information marker (fixes #548)
|
||||
|
||||
(cherry picked from commit 9be22b639ea69e102d3847dca4c53ef025e9527b)
|
||||
---
|
||||
libtiff/tif_lzw.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
|
||||
index 096824d2..2ba6237e 100644
|
||||
--- a/libtiff/tif_lzw.c
|
||||
+++ b/libtiff/tif_lzw.c
|
||||
@@ -404,7 +404,11 @@ LZWDecode(TIFF* tif, uint8_t* op0, tmsize_t occ0, uint16_t s)
|
||||
assert(sp->dec_codetab != NULL);
|
||||
|
||||
if (sp->read_error) {
|
||||
- return 0;
|
||||
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||
+ "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
|
||||
+ "previous error",
|
||||
+ tif->tif_row);
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -705,6 +709,7 @@ after_loop:
|
||||
return (1);
|
||||
|
||||
no_eoi:
|
||||
+ sp->read_error = 1;
|
||||
TIFFErrorExt(tif->tif_clientdata, module,
|
||||
"LZWDecode: Strip %"PRIu32" not terminated with EOI code",
|
||||
tif->tif_curstrip);
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Library of functions for manipulating TIFF format image files
|
||||
Name: libtiff
|
||||
Version: 4.4.0
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
License: libtiff
|
||||
URL: http://www.simplesystems.org/libtiff/
|
||||
|
||||
|
@ -26,6 +26,7 @@ Patch0011: 0011-CVE-2023-0800-CVE-2023-0801-CVE-2023-0802-CVE-2023-0.patch
|
|||
Patch0012: 0012-Merge-branch-tiffcrop_correctly_update_buffersize_af.patch
|
||||
# CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
|
||||
Patch0013: 0013-CVE-2023-0795-CVE-2023-0796-CVE-2023-0797-CVE-2023-0.patch
|
||||
Patch0014: 0014-CVE-2023-2731-LZWDecode-avoid-crash-when-trying-to-r.patch
|
||||
|
||||
|
||||
|
||||
|
@ -180,6 +181,10 @@ find html -name 'Makefile*' | xargs rm
|
|||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Thu Jun 08 2023 Matej Mužila <mmuzila@redhat.com> - 4.4.0-9
|
||||
- Fix CVE-2023-2731
|
||||
- Resolves: CVE-2023-2731
|
||||
|
||||
* Tue Mar 21 2023 Matej Mužila <mmuzila@redhat.com> - 4.4.0-8
|
||||
- Fix CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804
|
||||
CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
|
||||
|
|
Loading…
Reference in New Issue