rpms / libtiff

Clone
Source Code
GIT

Blame SOURCES/libtiff-CVE-2015-8870.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   70f9f0cf3d31e314263d286a0ff78b3947810abf
  2.   SOURCES
  3.   libtiff-CVE-2015-8870.patch
Blob History Raw
70f9f0 
From fb0bc75826b860609c59848d85daa43beb7838d6 Mon Sep 17 00:00:00 2001
70f9f0 
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
70f9f0 
Date: Thu, 12 Jan 2017 15:34:59 +0100
70f9f0 
Subject: [PATCH 5/5] Fix CVE-2015-8870
70f9f0
70f9f0 
---
70f9f0 
 tools/bmp2tiff.c | 9 +++++++++
70f9f0 
 1 file changed, 9 insertions(+)
70f9f0
70f9f0 
diff --git a/tools/bmp2tiff.c b/tools/bmp2tiff.c
70f9f0 
index c747c13..384cf96 100644
70f9f0 
--- a/tools/bmp2tiff.c
70f9f0 
+++ b/tools/bmp2tiff.c
70f9f0 
@@ -634,7 +634,16 @@ main(int argc, char* argv[])
70f9f0 
 				}
70f9f0 
 			}
70f9f0 
 			else
70f9f0 
+			{
70f9f0 
 				uncompr_size = width * length;
70f9f0 
+				/* Detect int overflow */
70f9f0 
+				if (uncompr_size / width != length) {
70f9f0 
+					TIFFError(infilename,
70f9f0 
+							   "Invalid dimensions of BMP file");
70f9f0 
+					close(fd);
70f9f0 
+					return -1;
70f9f0 
+				}
70f9f0 
+			}
70f9f0 
 			comprbuf = (unsigned char *) _TIFFmalloc( compr_size );
70f9f0 
 			if (!comprbuf) {
70f9f0 
 				TIFFError(infilename,
70f9f0 
--
70f9f0 
2.7.4
70f9f0

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation