pool/tiff
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- security update:

Browse Source 
* CVE-2022-3970 [bsc#1205392]
    + tiff-CVE-2022-3970.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=162
This commit is contained in:
Michael Vetter 2022-11-14 11:55:22 +00:00 committed by Git OBS Bridge
parent 4de82c0597
commit 9b48e2850a
3 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
tiff-CVE-2022-3970.patch Normal file
View File

@ -0,0 +1,24 @@
Index: tiff-4.4.0/libtiff/tif_getimage.c
===================================================================
--- tiff-4.4.0.orig/libtiff/tif_getimage.c
+++ tiff-4.4.0/libtiff/tif_getimage.c
@@ -3058,15 +3058,15 @@ TIFFReadRGBATileExt(TIFF* tif, uint32_t
return( ok );
for( i_row = 0; i_row < read_ysize; i_row++ ) {
- memmove( raster + (tile_ysize - i_row - 1) * tile_xsize,
- raster + (read_ysize - i_row - 1) * read_xsize,
+ memmove( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,
+ raster + (size_t)(read_ysize - i_row - 1) * read_xsize,
read_xsize * sizeof(uint32_t) );
- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize+read_xsize,
+ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize+read_xsize,
0, sizeof(uint32_t) * (tile_xsize - read_xsize) );
}
for( i_row = read_ysize; i_row < tile_ysize; i_row++ ) {
- _TIFFmemset( raster + (tile_ysize - i_row - 1) * tile_xsize,
+ _TIFFmemset( raster + (size_t)(tile_ysize - i_row - 1) * tile_xsize,
0, sizeof(uint32_t) * tile_xsize );
}

7
tiff.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Nov 14 11:54:03 UTC 2022 - Michael Vetter <mvetter@suse.com>
- security update:
* CVE-2022-3970 [bsc#1205392]
+ tiff-CVE-2022-3970.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Nov 13 20:42:25 UTC 2022 - Michael Vetter <mvetter@suse.com> Sun Nov 13 20:42:25 UTC 2022 - Michael Vetter <mvetter@suse.com>

2
tiff.spec
View File

@ -39,6 +39,7 @@ Patch4: tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
Patch5: tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch Patch5: tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
Patch6: tiff-CVE-2022-3599.patch Patch6: tiff-CVE-2022-3599.patch
Patch7: tiff-CVE-2022-3598.patch Patch7: tiff-CVE-2022-3598.patch
Patch8: tiff-CVE-2022-3970.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libjbig-devel BuildRequires: libjbig-devel
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
@ -84,6 +85,7 @@ the libtiff library.
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1
%build %build
CFLAGS="%{optflags} -fPIE" CFLAGS="%{optflags} -fPIE"