rpms / libtiff

Clone
Source Code
GIT

Blame SOURCES/libtiff-CVE-2015-8870.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   libtiff-CVE-2015-8870.patch
Blob History Raw
460672 
From fb0bc75826b860609c59848d85daa43beb7838d6 Mon Sep 17 00:00:00 2001
460672 
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
460672 
Date: Thu, 12 Jan 2017 15:34:59 +0100
460672 
Subject: [PATCH 5/5] Fix CVE-2015-8870
460672
460672 
---
460672 
 tools/bmp2tiff.c | 9 +++++++++
460672 
 1 file changed, 9 insertions(+)
460672
460672 
diff --git a/tools/bmp2tiff.c b/tools/bmp2tiff.c
460672 
index c747c13..384cf96 100644
460672 
--- a/tools/bmp2tiff.c
460672 
+++ b/tools/bmp2tiff.c
460672 
@@ -634,7 +634,16 @@ main(int argc, char* argv[])
460672 
 				}
460672 
 			}
460672 
 			else
460672 
+			{
460672 
 				uncompr_size = width * length;
460672 
+				/* Detect int overflow */
460672 
+				if (uncompr_size / width != length) {
460672 
+					TIFFError(infilename,
460672 
+							   "Invalid dimensions of BMP file");
460672 
+					close(fd);
460672 
+					return -1;
460672 
+				}
460672 
+			}
460672 
 			comprbuf = (unsigned char *) _TIFFmalloc( compr_size );
460672 
 			if (!comprbuf) {
460672 
 				TIFFError(infilename,
460672 
--
460672 
2.7.4
460672

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation