packages/libtiff
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2023-3316

Browse Source
This commit is contained in:
zhangpan 2023-06-25 07:50:37 +00:00
parent f6c342d630
commit 4e6afd7596
2 changed files with 59 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
backport-CVE-2023-3316.patch Normal file
View File

@ -0,0 +1,54 @@
From d63de61b1ec3385f6383ef9a1f453e4b8b11d536 Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Fri, 3 Feb 2023 17:38:55 +0100
Subject: [PATCH] TIFFClose() avoid NULL pointer dereferencing. fix#515
Closes #515
Reference:https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536
Conflict:NA
---
libtiff/tif_close.c | 11 +++++++----
tools/tiffcrop.c | 5 ++++-
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c
index 985d290cf..907d7f139 100644
--- a/libtiff/tif_close.c
+++ b/libtiff/tif_close.c
@@ -147,9 +147,12 @@ void _TIFFCleanupIFDOffsetAndNumberMaps(TIFF *tif)
void TIFFClose(TIFF *tif)
{
- TIFFCloseProc closeproc = tif->tif_closeproc;
- thandle_t fd = tif->tif_clientdata;
+ if (tif != NULL)
+ {
+ TIFFCloseProc closeproc = tif->tif_closeproc;
+ thandle_t fd = tif->tif_clientdata;
- TIFFCleanup(tif);
- (void)(*closeproc)(fd);
+ TIFFCleanup(tif);
+ (void)(*closeproc)(fd);
+ }
}
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index 7db69883e..84e26ac66 100644
--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -2920,7 +2920,10 @@ int main(int argc, char *argv[])
}
}
- TIFFClose(out);
+ if (out != NULL)
+ {
+ TIFFClose(out);
+ }
return (0);
} /* end main */
--
GitLab

6
libtiff.spec
View File

@ -1,6 +1,6 @@
Name: libtiff Name: libtiff
Version: 4.5.0 Version: 4.5.0
Release: 5 Release: 6
Summary: TIFF Library and Utilities Summary: TIFF Library and Utilities
License: libtiff License: libtiff
URL: https://www.simplesystems.org/libtiff/ URL: https://www.simplesystems.org/libtiff/
@ -12,6 +12,7 @@ Patch6002: backport-0002-CVE-2023-0795-0796-0797-0798-0799.patch
Patch6003: backport-CVE-2023-0800-0801-0802-0803-0804.patch Patch6003: backport-CVE-2023-0800-0801-0802-0803-0804.patch
Patch6004: backport-CVE-2023-2731.patch Patch6004: backport-CVE-2023-2731.patch
Patch6005: backport-CVE-2023-26965.patch Patch6005: backport-CVE-2023-26965.patch
Patch6006: backport-CVE-2023-3316.patch
BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
BuildRequires: libtool automake autoconf pkgconfig BuildRequires: libtool automake autoconf pkgconfig
@ -131,6 +132,9 @@ find doc -name 'Makefile*' | xargs rm
%exclude %{_mandir}/man1/* %exclude %{_mandir}/man1/*
%changelog %changelog
* Sun Jun 25 2023 zhangpan <zhangpan103@h-partners.com> - 4.5.0-6
- fix CVE-2023-3316
* Thu Jun 15 2023 zhangpan <zhangpan103@h-partners.com> - 4.5.0-5 * Thu Jun 15 2023 zhangpan <zhangpan103@h-partners.com> - 4.5.0-5
- fix CVE-2023-26965 - fix CVE-2023-26965