cubixle/packages
1
0
Fork 0
mirror of https://github.com/novatiq/packages.git synced 2026-04-30 23:48:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

tiff: fix multiple CVE's

Browse Source 
This commit fixes multiple CVE's for library tiff:
CVE-2012-4564
CVE-2013-1960
CVE-2013-1961
CVE-2013-4231
CVE-2013-4232
CVE-2013-4244
CVE-2013-4243

Signed-off-by: Jiri Slachta <slachta@cesnet.cz>
This commit is contained in:
Jiri Slachta
2014-08-04 12:08:07 +02:00
committed by Steven Barth
parent 317c39a7ba
commit 20ee7a564c
8 changed files with 1036 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libs/tiff/patches/015-CVE-2013-4244.patch
+18
View File
@@ -0,0 +1,18 @@
Description: OOB write in gif2tiff
Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=996468
Index: tiff-4.0.3/tools/gif2tiff.c
===================================================================
--- tiff-4.0.3.orig/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400
+++ tiff-4.0.3/tools/gif2tiff.c 2013-08-24 11:17:13.546447901 -0400
@@ -400,6 +400,10 @@
}
if (oldcode == -1) {
+ if (code >= clear) {
+ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+ return 0;
+ }
*(*fill)++ = suffix[code];
firstchar = oldcode = code;
return 1;