rpms/libtiff
7
0
Fork 0
Code Issues Pull Requests Releases Activity

fix CVE-2024-7006 a null pointer dereference in tif_dirinfo (RHEL-52926)

Browse Source 
Resolves: RHEL-52926
This commit is contained in:
Michal Hlavinka 2024-08-29 18:14:46 +02:00
parent 2185db78ed
commit ac106b1543
2 changed files with 57 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
libtiff-4.6.0-CVE-2024-7006.patch Normal file
View File

@ -0,0 +1,47 @@
diff --git a/libtiff/tif_dirinfo.c b/libtiff/tif_dirinfo.c
index bff7592a8fd92d24b591b6d342fa98922246db8c..2338ca21c82295ee8ab3da86035d43398fef8efc 100644
--- a/libtiff/tif_dirinfo.c
+++ b/libtiff/tif_dirinfo.c
@@ -887,7 +887,7 @@ const TIFFField *_TIFFFindOrRegisterField(TIFF *tif, uint32_t tag,
if (fld == NULL)
{
fld = _TIFFCreateAnonField(tif, tag, dt);
- if (!_TIFFMergeFields(tif, fld, 1))
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
return NULL;
}
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index c79694145c30d70901a84bcb8932a2fcf5ad24dd..242912f3be5d15548510ce77ac791e53b112e417 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -4278,11 +4278,9 @@ int TIFFReadDirectory(TIFF *tif)
dp->tdir_tag, dp->tdir_tag);
/* the following knowingly leaks the
anonymous field structure */
- if (!_TIFFMergeFields(
- tif,
- _TIFFCreateAnonField(tif, dp->tdir_tag,
- (TIFFDataType)dp->tdir_type),
- 1))
+ const TIFFField *fld = _TIFFCreateAnonField(
+ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
{
TIFFWarningExtR(
tif, module,
@@ -5156,11 +5154,9 @@ int TIFFReadCustomDirectory(TIFF *tif, toff_t diroff,
"Unknown field with tag %" PRIu16 " (0x%" PRIx16
") encountered",
dp->tdir_tag, dp->tdir_tag);
- if (!_TIFFMergeFields(
- tif,
- _TIFFCreateAnonField(tif, dp->tdir_tag,
- (TIFFDataType)dp->tdir_type),
- 1))
+ const TIFFField *fld = _TIFFCreateAnonField(
+ tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type);
+ if (fld == NULL || !_TIFFMergeFields(tif, fld, 1))
{
TIFFWarningExtR(tif, module,
"Registering anonymous field with tag %" PRIu16

12
libtiff.spec
View File

@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files
Name: libtiff
Version: 4.6.0
Release: 3%{?dist}
Release: 4%{?dist}
License: libtiff
URL: http://www.simplesystems.org/libtiff/
@ -9,6 +9,10 @@ Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz
Patch0: libtiff-am-version.patch
# from upstream, for <=4.6.0, RHEL-52926
# https://gitlab.com/libtiff/libtiff/-/commit/3705f82b6483c7906cf08cd6b9dcdcd59c61d779
Patch1: libtiff-4.6.0-CVE-2024-7006.patch
BuildRequires: gcc, gcc-c++
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel libzstd-devel libwebp-devel liblerc-devel
BuildRequires: libtool automake autoconf pkgconfig
@ -60,7 +64,8 @@ image files using the libtiff library.
%prep
%autosetup -n tiff-%{version} -N
%patch0 -p1 -b .backup
%patch -P 0 -p1 -b .backup
%patch -P 1 -p1 -b .CVE-2024-7006
# Use build system's libtool.m4, not the one in the package.
rm -f libtool.m4
@ -164,6 +169,9 @@ LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH make check
%{_mandir}/man1/*
%changelog
* Wed Aug 21 2024 Michal Hlavinka <mhlavink@redhat.com> - 4.6.0-4
- fix CVE-2024-7006 a null pointer dereference in tif_dirinfo (RHEL-52926)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 4.6.0-3
- Bump release for June 2024 mass rebuild