diff -up tiff-4.4.0/libtiff/tif_dirinfo.c.CVE-2024-7006 tiff-4.4.0/libtiff/tif_dirinfo.c --- tiff-4.4.0/libtiff/tif_dirinfo.c.CVE-2024-7006 2024-08-16 00:35:35.339965778 +0200 +++ tiff-4.4.0/libtiff/tif_dirinfo.c 2024-08-16 00:54:58.255221954 +0200 @@ -824,7 +824,7 @@ _TIFFFindOrRegisterField(TIFF *tif, uint fld = TIFFFindField(tif, tag, dt); if (fld == NULL) { fld = _TIFFCreateAnonField(tif, tag, dt); - if (!_TIFFMergeFields(tif, fld, 1)) + if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) return NULL; } diff -up tiff-4.4.0/libtiff/tif_dirread.c.CVE-2024-7006 tiff-4.4.0/libtiff/tif_dirread.c --- tiff-4.4.0/libtiff/tif_dirread.c.CVE-2024-7006 2024-08-16 00:35:35.341965797 +0200 +++ tiff-4.4.0/libtiff/tif_dirread.c 2024-08-16 00:59:02.455017380 +0200 @@ -4038,11 +4038,10 @@ TIFFReadDirectory(TIFF* tif) dp->tdir_tag,dp->tdir_tag); /* the following knowingly leaks the anonymous field structure */ - if (!_TIFFMergeFields(tif, - _TIFFCreateAnonField(tif, - dp->tdir_tag, - (TIFFDataType) dp->tdir_type), - 1)) { + const TIFFField *fld = _TIFFCreateAnonField( + tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type); + if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) + { TIFFWarningExt(tif->tif_clientdata, module, "Registering anonymous field with tag %"PRIu16" (0x%"PRIx16") failed", @@ -4805,10 +4804,10 @@ TIFFReadCustomDirectory(TIFF* tif, toff_ TIFFWarningExt(tif->tif_clientdata, module, "Unknown field with tag %"PRIu16" (0x%"PRIx16") encountered", dp->tdir_tag, dp->tdir_tag); - if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif, - dp->tdir_tag, - (TIFFDataType) dp->tdir_type), - 1)) { + const TIFFField *fld = _TIFFCreateAnonField( + tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type); + if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) + { TIFFWarningExt(tif->tif_clientdata, module, "Registering anonymous field with tag %"PRIu16" (0x%"PRIx16") failed", dp->tdir_tag, dp->tdir_tag);