diff -up tiff-4.4.0/libtiff/tif_dirinfo.c.CVE-2024-7006 tiff-4.4.0/libtiff/tif_dirinfo.c --- tiff-4.4.0/libtiff/tif_dirinfo.c.CVE-2024-7006 2024-08-16 00:35:35.339965778 +0200 +++ tiff-4.4.0/libtiff/tif_dirinfo.c 2024-08-16 00:54:58.255221954 +0200 @@ -824,7 +824,7 @@ _TIFFFindOrRegisterField(TIFF *tif, uint fld = TIFFFindField(tif, tag, dt); if (fld == NULL) { fld = _TIFFCreateAnonField(tif, tag, dt); - if (!_TIFFMergeFields(tif, fld, 1)) + if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) return NULL; } diff -up tiff-4.0.9/libtiff/tif_dirread.c~ tiff-4.0.9/libtiff/tif_dirread.c --- tiff-4.0.9/libtiff/tif_dirread.c~ 2024-08-29 23:31:19.884308223 +0200 +++ tiff-4.0.9/libtiff/tif_dirread.c 2024-08-29 23:31:19.909308479 +0200 @@ -3667,11 +3667,10 @@ TIFFReadDirectory(TIFF* tif) dp->tdir_tag,dp->tdir_tag); /* the following knowingly leaks the anonymous field structure */ - if (!_TIFFMergeFields(tif, - _TIFFCreateAnonField(tif, - dp->tdir_tag, - (TIFFDataType) dp->tdir_type), - 1)) { + const TIFFField *fld = _TIFFCreateAnonField( + tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type); + if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) + { TIFFWarningExt(tif->tif_clientdata, module, "Registering anonymous field with tag %d (0x%x) failed", @@ -4392,10 +4391,10 @@ TIFFReadCustomDirectory(TIFF* tif, toff_ TIFFWarningExt(tif->tif_clientdata, module, "Unknown field with tag %d (0x%x) encountered", dp->tdir_tag, dp->tdir_tag); - if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif, - dp->tdir_tag, - (TIFFDataType) dp->tdir_type), - 1)) { + const TIFFField *fld = _TIFFCreateAnonField( + tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type); + if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) + { TIFFWarningExt(tif->tif_clientdata, module, "Registering anonymous field with tag %d (0x%x) failed", dp->tdir_tag, dp->tdir_tag);