parent
c8be182a6a
commit
55b6eaeda7
|
@ -0,0 +1,36 @@
|
||||||
|
From af4ee2276bfb9cfdd1809326604ead5a405735be Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Matej=20Mu=C5=BEila?= <mmuzila@redhat.com>
|
||||||
|
Date: Thu, 8 Jun 2023 14:10:59 +0200
|
||||||
|
Subject: [PATCH] (CVE-2023-2731) LZWDecode(): avoid crash when trying to read
|
||||||
|
again from a strip whith a missing end-of-information marker (fixes #548)
|
||||||
|
|
||||||
|
(cherry picked from commit 9be22b639ea69e102d3847dca4c53ef025e9527b)
|
||||||
|
---
|
||||||
|
libtiff/tif_lzw.c | 7 ++++++-
|
||||||
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
|
||||||
|
index 096824d2..2ba6237e 100644
|
||||||
|
--- a/libtiff/tif_lzw.c
|
||||||
|
+++ b/libtiff/tif_lzw.c
|
||||||
|
@@ -404,7 +404,11 @@ LZWDecode(TIFF* tif, uint8_t* op0, tmsize_t occ0, uint16_t s)
|
||||||
|
assert(sp->dec_codetab != NULL);
|
||||||
|
|
||||||
|
if (sp->read_error) {
|
||||||
|
- return 0;
|
||||||
|
+ TIFFErrorExt(tif->tif_clientdata, module,
|
||||||
|
+ "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
|
||||||
|
+ "previous error",
|
||||||
|
+ tif->tif_row);
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
@@ -705,6 +709,7 @@ after_loop:
|
||||||
|
return (1);
|
||||||
|
|
||||||
|
no_eoi:
|
||||||
|
+ sp->read_error = 1;
|
||||||
|
TIFFErrorExt(tif->tif_clientdata, module,
|
||||||
|
"LZWDecode: Strip %"PRIu32" not terminated with EOI code",
|
||||||
|
tif->tif_curstrip);
|
|
@ -1,7 +1,7 @@
|
||||||
Summary: Library of functions for manipulating TIFF format image files
|
Summary: Library of functions for manipulating TIFF format image files
|
||||||
Name: libtiff
|
Name: libtiff
|
||||||
Version: 4.4.0
|
Version: 4.4.0
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
License: libtiff
|
License: libtiff
|
||||||
URL: http://www.simplesystems.org/libtiff/
|
URL: http://www.simplesystems.org/libtiff/
|
||||||
|
|
||||||
|
@ -26,6 +26,7 @@ Patch0011: 0011-CVE-2023-0800-CVE-2023-0801-CVE-2023-0802-CVE-2023-0.patch
|
||||||
Patch0012: 0012-Merge-branch-tiffcrop_correctly_update_buffersize_af.patch
|
Patch0012: 0012-Merge-branch-tiffcrop_correctly_update_buffersize_af.patch
|
||||||
# CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
|
# CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
|
||||||
Patch0013: 0013-CVE-2023-0795-CVE-2023-0796-CVE-2023-0797-CVE-2023-0.patch
|
Patch0013: 0013-CVE-2023-0795-CVE-2023-0796-CVE-2023-0797-CVE-2023-0.patch
|
||||||
|
Patch0014: 0014-CVE-2023-2731-LZWDecode-avoid-crash-when-trying-to-r.patch
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -180,6 +181,10 @@ find html -name 'Makefile*' | xargs rm
|
||||||
%{_mandir}/man1/*
|
%{_mandir}/man1/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 08 2023 Matej Mužila <mmuzila@redhat.com> - 4.4.0-9
|
||||||
|
- Fix CVE-2023-2731
|
||||||
|
- Resolves: CVE-2023-2731
|
||||||
|
|
||||||
* Tue Mar 21 2023 Matej Mužila <mmuzila@redhat.com> - 4.4.0-8
|
* Tue Mar 21 2023 Matej Mužila <mmuzila@redhat.com> - 4.4.0-8
|
||||||
- Fix CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804
|
- Fix CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804
|
||||||
CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
|
CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
|
||||||
|
|
Loading…
Reference in New Issue