mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 13:29:49 +00:00
Code Issues Projects Releases Wiki Activity

tiff: backport a fix for CVE-2023-2731

Browse Source 
This patch fixes an issue in libtiff's LZWDecode function which could cause a null pointer dereference.

(From OE-Core rev: 7da5abf23232f61bf8009b4b8e97632768867e07)

Signed-off-by: Natasha Bailey <nat.bailey@windriver.com>
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Natasha Bailey
2023-05-30 15:16:06 -07:00
committed by Richard Purdie
parent 47bc65bf55
commit 2f56bdb289
2 changed files with 42 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-multimedia/libtiff/files/CVE-2023-2731.patch
+39
View File
@@ -0,0 +1,39 @@
From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 29 Apr 2023 12:20:46 +0200
Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
strip whith a missing end-of-information marker (fixes #548)
CVE: CVE-2023-2731
Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b]
---
libtiff/tif_lzw.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
index ba75a07e..d631fa10 100644
--- a/libtiff/tif_lzw.c
+++ b/libtiff/tif_lzw.c
@@ -423,6 +423,10 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
if (sp->read_error)
{
+ TIFFErrorExtR(tif, module,
+ "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
+ "previous error",
+ tif->tif_row);
return 0;
}
@@ -742,6 +746,7 @@ after_loop:
return (1);
no_eoi:
+ sp->read_error = 1;
TIFFErrorExtR(tif, module,
"LZWDecode: Strip %" PRIu32 " not terminated with EOI code",
tif->tif_curstrip);
--
2.34.1
meta/recipes-multimedia/libtiff/tiff_4.5.0.bb
+3 -1
View File
@@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"
CVE_PRODUCT = "libtiff" CVE_PRODUCT = "libtiff"
SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2022-48281.patch" file://CVE-2022-48281.patch \
file://CVE-2023-2731.patch \
"
SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464" SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464"