pool/tiff
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1141711 from graphics

Browse Source 
- security update:
  * CVE-2023-52356 [bsc#1219213]
    Fix segfault in TIFFReadRGBATileExt()
    + tiff-CVE-2023-52356.patch

OBS-URL: https://build.opensuse.org/request/show/1141711
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tiff?expand=0&rev=95
This commit is contained in:
Ana Guerrero 2024-01-26 21:46:18 +00:00 committed by Git OBS Bridge
commit c89d273387
3 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
tiff-CVE-2023-52356.patch Normal file
View File

@ -0,0 +1,33 @@
Index: tiff-4.6.0/libtiff/tif_getimage.c
===================================================================
--- tiff-4.6.0.orig/libtiff/tif_getimage.c
+++ tiff-4.6.0/libtiff/tif_getimage.c
@@ -3224,6 +3224,13 @@ int TIFFReadRGBAStripExt(TIFF *tif, uint
if (TIFFRGBAImageOK(tif, emsg) &&
TIFFRGBAImageBegin(&img, tif, stop_on_error, emsg))
{
+ if (row >= img.height)
+ {
+ TIFFErrorExtR(tif, TIFFFileName(tif),
+ "Invalid row passed to TIFFReadRGBAStrip().");
+ TIFFRGBAImageEnd(&img);
+ return (0);
+ }
img.row_offset = row;
img.col_offset = 0;
@@ -3301,6 +3308,14 @@ int TIFFReadRGBATileExt(TIFF *tif, uint3
return (0);
}
+ if (col >= img.width || row >= img.height)
+ {
+ TIFFErrorExtR(tif, TIFFFileName(tif),
+ "Invalid row/col passed to TIFFReadRGBATile().");
+ TIFFRGBAImageEnd(&img);
+ return (0);
+ }
+
/*
* The TIFFRGBAImageGet() function doesn't allow us to get off the
* edge of the image, even to fill an otherwise valid tile. So we

8
tiff.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Jan 26 09:59:33 UTC 2024 - Michael Vetter <mvetter@suse.com>
- security update:
* CVE-2023-52356 [bsc#1219213]
Fix segfault in TIFFReadRGBATileExt()
+ tiff-CVE-2023-52356.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Sep 15 05:55:34 UTC 2023 - Paolo Stivanin <info@paolostivanin.com> Fri Sep 15 05:55:34 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>

3
tiff.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package tiff # spec file for package tiff
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -31,6 +31,7 @@ Source2: README.SUSE
Source3: baselibs.conf Source3: baselibs.conf
Source99: tiff.keyring Source99: tiff.keyring
Patch0: tiff-4.0.3-seek.patch Patch0: tiff-4.0.3-seek.patch
Patch1: tiff-CVE-2023-52356.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: libjbig-devel BuildRequires: libjbig-devel
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel