diff --git a/backport-CVE-2023-3576.patch b/backport-CVE-2023-3576.patch
new file mode 100644
index 0000000..1dbb3fd
--- /dev/null
+++ b/backport-CVE-2023-3576.patch
@@ -0,0 +1,34 @@
+From 881a070194783561fd209b7c789a4e75566f7f37 Mon Sep 17 00:00:00 2001
+From: zhailiangliang
+Date: Tue, 7 Mar 2023 15:02:08 +0800
+Subject: [PATCH] Fix memory leak in tiffcrop.c
+
+Reference:https://gitlab.com/libtiff/libtiff/-/merge_requests/475/diffs
+Conflict:Adaptation Context
+
+---
+ tools/tiffcrop.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index e2f8b83..39156b5 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -7917,8 +7917,13 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+
+ read_buff = *read_buff_ptr;
+
++ /* Memory is freed before crop_buff_ptr is overwritten */
++ if (*crop_buff_ptr != NULL)
++ {
++ _TIFFfree(*crop_buff_ptr);
++ }
++
+ /* process full image, no crop buffer needed */
+- crop_buff = read_buff;
+ *crop_buff_ptr = read_buff;
+ crop->combined_width = image->width;
+ crop->combined_length = image->length;
+--
+2.27.0
+
diff --git a/libtiff.spec b/libtiff.spec
index cec9d9e..317e39d 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name: libtiff
 Version: 4.3.0
-Release: 28
+Release: 29
 Summary: TIFF Library and Utilities
 License: libtiff
 URL: https://www.simplesystems.org/libtiff/
@@ -41,6 +41,7 @@ Patch6031: backport-CVE-2023-3316.patch
 Patch6032: backport-CVE-2023-25433.patch
 Patch6033: backport-CVE-2023-26966.patch
 Patch6034: backport-CVE-2023-2908.patch
+Patch6035: backport-CVE-2023-3576.patch
 Patch9000: fix-raw2tiff-floating-point-exception.patch
@@ -164,6 +165,9 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html
 %changelog
+* Thu Jul 13 2023 zhangpan - 4.3.0-29
+- fix CVE-2023-3576
+
 * Tue Jul 04 2023 zhangpan - 4.3.0-28
 - fix CVE-2023-25433 CVE-2023-26966 CVE-2023-2908
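Review bot: The new `_TIFFfree(*crop_buff_ptr)` in the createCroppedImage hunk of backport-CVE-2023-3576.patch does not exclude the case `*crop_buff_ptr == read_buff`, and the statement right after it, `*crop_buff_ptr = read_buff;`, leaves exactly that aliasing in place when the function returns. If a caller passes the same pointer pair again (the callers are outside this hunk, so this is inferred), the free would release the read buffer and the function would then store and keep using the freed pointer, which turns the leak fix into a use-after-free or double free. Guarding the free as `if (*crop_buff_ptr != NULL && *crop_buff_ptr != read_buff)` keeps the leak fix and removes that case. The body of createCroppedImage starts and ends outside the hunk, so whether later code reallocates or resets the crop buffer could not be checked here.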