fix CVE-2023-2731
This commit is contained in:
zhangpan
parent
18a8ee400a
commit
01feeda12d
35
backport-CVE-2023-2731.patch
Normal file
35
backport-CVE-2023-2731.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 9be22b639ea69e102d3847dca4c53ef025e9527b Mon Sep 17 00:00:00 2001
|
||||
From: Even Rouault <even.rouault@spatialys.com>
|
||||
Date: Sat, 29 Apr 2023 12:20:46 +0200
|
||||
Subject: [PATCH] LZWDecode(): avoid crash when trying to read again from a
|
||||
strip whith a missing end-of-information marker (fixes #548)
|
||||
|
||||
Reference:https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
|
||||
Conflict:NA
|
||||
---
|
||||
libtiff/tif_lzw.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
|
||||
index ba75a07e..d631fa10 100644
|
||||
--- a/libtiff/tif_lzw.c
|
||||
+++ b/libtiff/tif_lzw.c
|
||||
@@ -423,6 +423,10 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
|
||||
|
||||
if (sp->read_error)
|
||||
{
|
||||
+ TIFFErrorExtR(tif, module,
|
||||
+ "LZWDecode: Scanline %" PRIu32 " cannot be read due to "
|
||||
+ "previous error",
|
||||
+ tif->tif_row);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -742,6 +746,7 @@ static int LZWDecode(TIFF *tif, uint8_t *op0, tmsize_t occ0, uint16_t s)
|
||||
return (1);
|
||||
|
||||
no_eoi:
|
||||
+ sp->read_error = 1;
|
||||
TIFFErrorExtR(tif, module,
|
||||
"LZWDecode: Strip %" PRIu32 " not terminated with EOI code",
|
||||
tif->tif_curstrip);
|
||||
@ -1,6 +1,6 @@
|
||||
Name: libtiff
|
||||
Version: 4.5.0
|
||||
Release: 3
|
||||
Release: 4
|
||||
Summary: TIFF Library and Utilities
|
||||
License: libtiff
|
||||
URL: https://www.simplesystems.org/libtiff/
|
||||
@ -10,6 +10,7 @@ Patch6000: backport-CVE-2022-48281.patch
|
||||
Patch6001: backport-0001-CVE-2023-0795-0796-0797-0798-0799.patch
|
||||
Patch6002: backport-0002-CVE-2023-0795-0796-0797-0798-0799.patch
|
||||
Patch6003: backport-CVE-2023-0800-0801-0802-0803-0804.patch
|
||||
Patch6004: backport-CVE-2023-2731.patch
|
||||
|
||||
BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
|
||||
BuildRequires: libtool automake autoconf pkgconfig
|
||||
@ -129,6 +130,9 @@ find doc -name 'Makefile*' | xargs rm
|
||||
%exclude %{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Wed May 24 2023 zhangpan <zhangpan103@h-partners.com> - 4.5.0-4
|
||||
- fix CVE-2023-2731
|
||||
|
||||
* Thu Feb 20 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.5.0-3
|
||||
- delete old so files
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user