rpms/libtiff
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2018-10779 (#1577316)

Browse Source
This commit is contained in:
Nikola Forró 2018-10-11 13:09:09 +02:00
parent 2c55bfaeae
commit c3eccd2c64
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
libtiff-CVE-2018-10779.patch Normal file
View File

@ -0,0 +1,24 @@
commit 14ffb69a5892fcfff6c72e73af74565467ab6ae9
Author: Even Rouault <even.rouault@spatialys.com>
Date: Wed Aug 15 16:34:40 2018 +0200
TIFFSetupStrips(): avoid potential uint32 overflow on 32-bit systems with large number of strips. Probably relates to http://bugzilla.maptools.org/show_bug.cgi?id=2788 / CVE-2018-10779
diff --git a/libtiff/tif_write.c b/libtiff/tif_write.c
index 4c216ec..208a2ee 100644
--- a/libtiff/tif_write.c
+++ b/libtiff/tif_write.c
@@ -540,9 +540,11 @@ TIFFSetupStrips(TIFF* tif)
if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
td->td_stripsperimage /= td->td_samplesperpixel;
td->td_stripoffset = (uint64 *)
- _TIFFmalloc(td->td_nstrips * sizeof (uint64));
+ _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
+ "for \"StripOffsets\" array");
td->td_stripbytecount = (uint64 *)
- _TIFFmalloc(td->td_nstrips * sizeof (uint64));
+ _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
+ "for \"StripByteCounts\" array");
if (td->td_stripoffset == NULL || td->td_stripbytecount == NULL)
return (0);
/*

7
libtiff.spec
View File

@ -1,7 +1,7 @@
Summary: Library of functions for manipulating TIFF format image files Summary: Library of functions for manipulating TIFF format image files
Name: libtiff Name: libtiff
Version: 4.0.9 Version: 4.0.9
Release: 11%{?dist} Release: 12%{?dist}
License: libtiff License: libtiff
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.simplesystems.org/libtiff/ URL: http://www.simplesystems.org/libtiff/
@ -17,6 +17,7 @@ Patch5: libtiff-CVE-2017-18013.patch
Patch6: libtiff-CVE-2018-8905.patch Patch6: libtiff-CVE-2018-8905.patch
Patch7: libtiff-CVE-2018-10963.patch Patch7: libtiff-CVE-2018-10963.patch
Patch8: libtiff-CVE-2017-11613.patch Patch8: libtiff-CVE-2017-11613.patch
Patch9: libtiff-CVE-2018-10779.patch
BuildRequires: gcc, gcc-c++ BuildRequires: gcc, gcc-c++
BuildRequires: zlib-devel libjpeg-devel jbigkit-devel BuildRequires: zlib-devel libjpeg-devel jbigkit-devel
@ -77,6 +78,7 @@ image files using the libtiff library.
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1 %patch8 -p1
%patch9 -p1
# Use build system's libtool.m4, not the one in the package. # Use build system's libtool.m4, not the one in the package.
rm -f libtool.m4 rm -f libtool.m4
@ -180,6 +182,9 @@ find html -name 'Makefile*' | xargs rm
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Thu Oct 11 2018 Nikola Forró <nforro@redhat.com> - 4.0.9-12
- Fix CVE-2018-10779 (#1577316)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.9-11 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.9-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild