fix CVE-2023-3618

(cherry picked from commit 2bdfd6b8a6b618934270944e0848ec6ce2c03a13)
2023-08-16 14:47:12 +08:00 · 2023-08-16 14:47:12 +08:00 · 759fdaaa51
commit 759fdaaa51
parent d4a65bd3c0
2 changed files with 47 additions and 1 deletions
--- a/backport-CVE-2023-3618.patch
+++ b/backport-CVE-2023-3618.patch
@ -0,0 +1,42 @@
+From 4f6da09f67b472a64f684ed8125cc0e316a395b1 Mon Sep 17 00:00:00 2001
+From: liningjie <liningjie@xfusion.com>
+Date: Mon, 14 Aug 2023 23:17:28 +0800
+Subject: [PATCH] Consider error return of writeSelections(). Fixes #553
+
+---
+ tools/tiffcrop.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 39156b5..cb8139b 100644
+--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
+@@ -2464,8 +2464,14 @@ main(int argc, char* argv[])
+         {  /* Whole image or sections not based on output page size */
+         if (crop.selections > 0)
+           {
+-	  writeSelections(in, &out, &crop, &image, &dump, seg_buffs,
+-                          mp, argv[argc - 1], &next_page, total_pages);
+				if (writeSelections(in, &out, &crop, &image, &dump,
+                                    seg_buffs, mp, argv[argc - 1],
+                                    &next_page, total_pages))
+                {
+                    TIFFError("main",
+                              "Unable to write new image selections");
+                    exit(EXIT_FAILURE);
+                }
+           }
+ 	else  /* One file all images and sections */
+           {
+@@ -7920,7 +7926,7 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+   /* Memory is freed before crop_buff_ptr is overwritten */
+   if (*crop_buff_ptr != NULL)
+   {
+-    _TIFFfree(*crop_buff_ptr);
+	  _TIFFfree(*crop_buff_ptr);
+   }
+ 
+   /* process full image, no crop buffer needed */
+-- 
+2.33.0
+
--- a/libtiff.spec
+++ b/libtiff.spec
@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.3.0
-Release:        30
+Release:        31
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@ -46,6 +46,7 @@ Patch6036:      backport-CVE-2023-38288.patch
 Patch6037:      backport-CVE-2023-38289.patch

 Patch9000:	fix-raw2tiff-floating-point-exception.patch
+Patch9001:	backport-CVE-2023-3618.patch


 BuildRequires:  gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
@ -167,6 +168,9 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html

 %changelog
+* Wed Aug 16 2023 liningjie <liningjie@xfusion.com> - 4.3.0-31
+- fix CVE-2023-3618
+
 * Fri Jul 28 2023 zhangpan <zhangpan103@h-partners.com> - 4.3.0-30
 - fix CVE-2023-38288 CVE-2023-38289