packages/libtiff
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2023-2731

Browse Source 
(cherry picked from commit a194ef6e717d1e13f7b283ecc3e5d63e2b9fa5bc)
This commit is contained in:
zhangpan 2023-05-24 09:01:51 +00:00 committed by openeuler-sync-bot
parent 3680c6bfb9
commit 625960b341
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
backport-CVE-2023-2731.patch Normal file
View File

@ -0,0 +1,37 @@
From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 29 Apr 2023 12:20:46 +0200
Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
strip whith a missing end-of-information marker (fixes #548)
Reference:https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
Conflict:Adaptation Context
---
libtiff/tif_lzw.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
index 1f255d9..c0ef99c 100644
--- a/libtiff/tif_lzw.c
+++ b/libtiff/tif_lzw.c
@@ -404,6 +404,10 @@ LZWDecode(TIFF* tif, uint8_t* op0, tmsize_t occ0, uint16_t s)
assert(sp->dec_codetab != NULL);
if (sp->read_error) {
+ TIFFErrorExt(tif->tif_clientdata, module,
+ "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
+ "previous error",
+ tif->tif_row);
return 0;
}
@@ -712,6 +716,7 @@ after_loop:
return (1);
no_eoi:
+ sp->read_error = 1;
TIFFErrorExt(tif->tif_clientdata, module,
"LZWDecode: Strip %"PRIu32" not terminated with EOI code",
tif->tif_curstrip);
--
2.33.0

6
libtiff.spec
View File

@ -1,6 +1,6 @@
Name: libtiff Name: libtiff
Version: 4.3.0 Version: 4.3.0
Release: 24 Release: 25
Summary: TIFF Library and Utilities Summary: TIFF Library and Utilities
License: libtiff License: libtiff
URL: https://www.simplesystems.org/libtiff/ URL: https://www.simplesystems.org/libtiff/
@ -35,6 +35,7 @@ Patch6025: backport-CVE-2022-48281.patch
Patch6026: backport-0001-CVE-2023-0795-0796-0797-0798-0799.patch Patch6026: backport-0001-CVE-2023-0795-0796-0797-0798-0799.patch
Patch6027: backport-0002-CVE-2023-0795-0796-0797-0798-0799.patch Patch6027: backport-0002-CVE-2023-0795-0796-0797-0798-0799.patch
Patch6028: backport-CVE-2023-0800-0801-0802-0803-0804.patch Patch6028: backport-CVE-2023-0800-0801-0802-0803-0804.patch
Patch6029: backport-CVE-2023-2731.patch
Patch9000: fix-raw2tiff-floating-point-exception.patch Patch9000: fix-raw2tiff-floating-point-exception.patch
@ -158,6 +159,9 @@ find html -name 'Makefile*' | xargs rm
%exclude %{_datadir}/html/man/tiffgt.1.html %exclude %{_datadir}/html/man/tiffgt.1.html
%changelog %changelog
* Wed May 24 2023 zhangpan <zhangpan103@h-partners.com> - 4.3.0-25
- fix CVE-2023-2731
* Mon Feb 20 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-24 * Mon Feb 20 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-24
- modified backport-CVE-2022-48281.patch - modified backport-CVE-2022-48281.patch