From 90192a3d81d6579746cf6548532006feefc522c0 Mon Sep 17 00:00:00 2001
From: zhouwenpei <zhouwenpei050@chinasoftinc.com>
Date: Sun, 29 Jan 2023 12:08:47 +0000
Subject: [PATCH] fix CVE-2022-48281

---
 backport-CVE-2022-48281.patch | 24 ++++++++++++++++++++++++
 libtiff.spec                  | 11 +++++++++--
 2 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 backport-CVE-2022-48281.patch

diff --git a/backport-CVE-2022-48281.patch b/backport-CVE-2022-48281.patch
new file mode 100644
index 0000000..159b30d
--- /dev/null
+++ b/backport-CVE-2022-48281.patch
@@ -0,0 +1,24 @@
+From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Sat, 21 Jan 2023 15:58:10 +0000
+Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
+
+---
+ tools/tiffcrop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 92f8d09..20b9c23 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -7638,7 +7638,7 @@ processCropSelections(struct image_data *image, struct crop_mask *crop,
+       crop_buff = (unsigned char *)limitMalloc(cropsize + NUM_BUFF_OVERSIZE_BYTES);
+     else
+       {
+-      prev_cropsize = seg_buffs[0].size;
++      prev_cropsize = seg_buffs[i].size;
+       if (prev_cropsize < cropsize)
+         {
+         next_buff = _TIFFrealloc(crop_buff, cropsize + NUM_BUFF_OVERSIZE_BYTES);
+-- 
+2.33.0
diff --git a/libtiff.spec b/libtiff.spec
index f36b387..814e1a4 100644
--- a/libtiff.spec
+++ b/libtiff.spec
@@ -1,6 +1,6 @@
 Name:           libtiff
 Version:        4.3.0
-Release:        21
+Release:        22
 Summary:        TIFF Library and Utilities
 License:        libtiff
 URL:            https://www.simplesystems.org/libtiff/
@@ -30,10 +30,11 @@ Patch6020:      backport-0001-CVE-2022-3570-CVE-2022-3598.patch
 Patch6021:      backport-0002-CVE-2022-3570-CVE-2022-3598.patch
 Patch6022:      backport-0003-CVE-2022-3570-CVE-2022-3598.patch
 Patch6023:      backport-CVE-2022-3599.patch
+Patch6024:      backport-CVE-2022-3970.patch
+Patch6025:      backport-CVE-2022-48281.patch
 
 Patch9000:	fix-raw2tiff-floating-point-exception.patch
 
-Patch6024:      backport-CVE-2022-3970.patch
 
 BuildRequires:  gcc gcc-c++ zlib-devel libjpeg-devel jbigkit-devel
 BuildRequires:  libtool automake autoconf pkgconfig 
@@ -154,6 +155,12 @@ find html -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/html/man/tiffgt.1.html
 
 %changelog
+* Sun Jan 29 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 4.3.0-22
+- Type:cve
+- ID:CVE-2022-48281
+- SUG:NA
+- DESC:fix CVE-2022-48281
+
 * Thu Nov 17 2022 qisen <qisen@huawei.com> - 4.3.0-21
 - Type:cve
 - ID:CVE-2022-3970