4de82c0597
* CVE-2022-3597 [bsc#1204641]
* CVE-2022-3626 [bsc#1204644]
* CVE-2022-3627 [bsc#1204645]
+ tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
* CVE-2022-3599 [bsc#1204643]
+ tiff-CVE-2022-3599.patch
* CVE-2022-3598 [bsc#1204642]
+ tiff-CVE-2022-3598.patch
OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=161
67 lines
3.2 KiB
Diff
67 lines
3.2 KiB
Diff
Index: tiff-4.4.0/tools/tiffcrop.c
|
|
===================================================================
|
|
--- tiff-4.4.0.orig/tools/tiffcrop.c
|
|
+++ tiff-4.4.0/tools/tiffcrop.c
|
|
@@ -108,8 +108,10 @@
|
|
* lower level, scanline level routines. Debug reports a limited set
|
|
* of messages to monitor progress without enabling dump logs.
|
|
*
|
|
- * Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.
|
|
+ * Note 1: The (-X|-Y), -Z, -z and -S options are mutually exclusive.
|
|
* In no case should the options be applied to a given selection successively.
|
|
+ * Note 2: Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options
|
|
+ * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows.
|
|
*/
|
|
|
|
static char tiffcrop_version_id[] = "2.5";
|
|
@@ -781,8 +783,10 @@ static const char usage_info[] =
|
|
" The four debug/dump options are independent, though it makes little sense to\n"
|
|
" specify a dump file without specifying a detail level.\n"
|
|
"\n"
|
|
-"Note: The (-X|-Y), -Z, -z and -S options are mutually exclusive.\n"
|
|
+"Note 1: The (-X|-Y), -Z, -z and -S options are mutually exclusive.\n"
|
|
" In no case should the options be applied to a given selection successively.\n"
|
|
+"Note 2: Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options\n"
|
|
+" such as - H, -V, -P, -J or -K are not supported and may cause buffer overflows.\n"
|
|
"\n"
|
|
;
|
|
|
|
@@ -2138,9 +2142,20 @@ void process_command_opts (int argc, ch
|
|
R = (crop_data->crop_mode & CROP_REGIONS) ? 1 : 0;
|
|
S = (page->mode & PAGE_MODE_ROWSCOLS) ? 1 : 0;
|
|
if (XY + Z + R + S > 1) {
|
|
- TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->Exit");
|
|
+ TIFFError("tiffcrop input error", "The crop options(-X|-Y), -Z, -z and -S are mutually exclusive.->exit");
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
+
|
|
+ /* Check for not allowed combination:
|
|
+ * Any of the -X, -Y, -Z and -z options together with other PAGE_MODE_x options
|
|
+ * such as -H, -V, -P, -J or -K are not supported and may cause buffer overflows.
|
|
+. */
|
|
+ if ((XY + Z + R > 0) && page->mode != PAGE_MODE_NONE) {
|
|
+ TIFFError("tiffcrop input error",
|
|
+ "Any of the crop options -X, -Y, -Z and -z together with other PAGE_MODE_x options such as - H, -V, -P, -J or -K is not supported and may cause buffer overflows..->exit");
|
|
+ exit(EXIT_FAILURE);
|
|
+ }
|
|
+
|
|
} /* end process_command_opts */
|
|
|
|
/* Start a new output file if one has not been previously opened or
|
|
@@ -2411,6 +2426,7 @@ main(int argc, char* argv[])
|
|
exit (EXIT_FAILURE);
|
|
}
|
|
|
|
+ /* Crop input image and copy zones and regions from input image into seg_buffs or crop_buff. */
|
|
if (crop.selections > 0)
|
|
{
|
|
if (processCropSelections(&image, &crop, &read_buff, seg_buffs))
|
|
@@ -2427,6 +2443,7 @@ main(int argc, char* argv[])
|
|
exit (EXIT_FAILURE);
|
|
}
|
|
}
|
|
+ /* Format and write selected image parts to output file(s). */
|
|
if (page.mode == PAGE_MODE_NONE)
|
|
{ /* Whole image or sections not based on output page size */
|
|
if (crop.selections > 0)
|