diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978.patch new file mode 100644 index 0000000000..3a4845d415 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978.patch @@ -0,0 +1,47 @@ +From 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 Mon Sep 17 00:00:00 2001 +From: Lee Howard +Date: Sat, 5 Oct 2024 09:45:30 -0700 +Subject: [PATCH] Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH for valid + input, addresses issue #650 + +CVE: CVE-2024-13978 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4] + +Signed-off-by: Yogita Urade +--- + tools/tiff2pdf.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c +index 63751f1..fef28d1 100644 +--- a/tools/tiff2pdf.c ++++ b/tools/tiff2pdf.c +@@ -1255,9 +1255,25 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){ + TIFFGetField(input, + TIFFTAG_TILEWIDTH, + &( t2p->tiff_tiles[i].tiles_tilewidth) ); ++ if (t2p->tiff_tiles[i].tiles_tilewidth < 1) ++ { ++ TIFFError(TIFF2PDF_MODULE, "Invalid tile width (%d), %s", ++ t2p->tiff_tiles[i].tiles_tilewidth, ++ TIFFFileName(input)); ++ t2p->t2p_error = T2P_ERR_ERROR; ++ return; ++ } + TIFFGetField(input, + TIFFTAG_TILELENGTH, + &( t2p->tiff_tiles[i].tiles_tilelength) ); ++ if (t2p->tiff_tiles[i].tiles_tilelength < 1) ++ { ++ TIFFError(TIFF2PDF_MODULE, "Invalid tile length (%d), %s", ++ t2p->tiff_tiles[i].tiles_tilelength, ++ TIFFFileName(input)); ++ t2p->t2p_error = T2P_ERR_ERROR; ++ return; ++ } + t2p->tiff_tiles[i].tiles_tiles = + (T2P_TILE*) _TIFFmalloc(TIFFSafeMultiply(tmsize_t,t2p->tiff_tiles[i].tiles_tilecount, + sizeof(T2P_TILE)) ); +-- +2.40.0 + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 4c9c212312..d5ae82bc7c 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -59,6 +59,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2025-8176-0002.patch \ file://CVE-2025-8176-0003.patch \ file://CVE-2025-8177.patch \ + file://CVE-2024-13978.patch \ " SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"