diff --git a/backport-CVE-2022-0908.patch b/backport-CVE-2022-0908.patch new file mode 100644 index 0000000..446c9f6 --- /dev/null +++ b/backport-CVE-2022-0908.patch @@ -0,0 +1,29 @@ +From a95b799f65064e4ba2e2dfc206808f86faf93e85 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Thu, 17 Feb 2022 15:28:43 +0100 +Subject: [PATCH] TIFFFetchNormalTag(): avoid calling memcpy() with a null + source pointer and size of zero (fixes #383) + +--- + libtiff/tif_dirread.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index d654a1c..a31109a 100644 +--- a/libtiff/tif_dirread.c ++++ b/libtiff/tif_dirread.c +@@ -5080,7 +5080,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover) + _TIFFfree(data); + return(0); + } +- _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count); ++ if (dp->tdir_count > 0 ) ++ { ++ _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count); ++ } + o[(uint32_t)dp->tdir_count]=0; + if (data!=0) + _TIFFfree(data); +-- +2.27.0 + diff --git a/libtiff.spec b/libtiff.spec index 0489fcb..a69c493 100644 --- a/libtiff.spec +++ b/libtiff.spec @@ -1,6 +1,6 @@ Name: libtiff Version: 4.3.0 -Release: 5 +Release: 6 Summary: TIFF Library and Utilities License: libtiff URL: https://www.simplesystems.org/libtiff/ @@ -12,6 +12,7 @@ Patch6002: backport-0001-CVE-2022-22844.patch Patch6003: backport-0002-CVE-2022-22844.patch Patch6004: backport-0003-CVE-2022-22844.patch Patch6005: backport-CVE-2022-0891.patch +Patch6006: backport-CVE-2022-0908.patch BuildRequires: gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel BuildRequires: libtool automake autoconf pkgconfig @@ -132,6 +133,12 @@ find html -name 'Makefile*' | xargs rm %exclude %{_datadir}/html/man/tiffgt.1.html %changelog +* Tue Mar 22 2022 yangcheng - 4.3.0-6 +- Type:cve +- ID:CVE-2022-0908 +- SUG:NA +- DESC:fix CVE-2022-0908 + * Thu Mar 17 2022 wangkerong - 4.3.0-5 - Type:cve - ID:CVE-2022-0891