git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/blob

   1 From f500facf7723f1cae725dd288b2daad15e45131c Mon Sep 17 00:00:00 2001
   2 From: Su_Laus <sulau@freenet.de>
   3 Date: Mon, 30 Oct 2023 21:21:57 +0100
   4 Subject: [PATCH 2/3] At image reading, compare data size of some tags / data
   5  structures (StripByteCounts, StripOffsets, StripArray, TIFF directory) with
   6  file size to prevent provoked out-of-memory attacks.
   7 MIME-Version: 1.0
   8 Content-Type: text/plain; charset=UTF-8
   9 Content-Transfer-Encoding: 8bit
  10
  11 See issue #614.
  12
  13 Correct declaration of ‘filesize’ shadows a previous local.
  14
  15 CVE: CVE-2023-6277
  16 Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/merge_requests/545]
  17 Signed-off-by: Khem Raj <raj.khem@gmail.com>
  18 ---
  19  libtiff/tif_dirread.c | 1 -
  20  1 file changed, 1 deletion(-)
  21
  22 diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
  23 index c52d41f..fe8d6f8 100644
  24 --- a/libtiff/tif_dirread.c
  25 +++ b/libtiff/tif_dirread.c
  26 @@ -5305,7 +5305,6 @@ static int EstimateStripByteCounts(TIFF *tif, TIFFDirEntry *dir,
  27      if (td->td_compression != COMPRESSION_NONE)
  28      {
  29          uint64_t space;
  30 -        uint64_t filesize;
  31          uint16_t n;
  32          filesize = TIFFGetFileSize(tif);
  33          if (!(tif->tif_flags & TIFF_BIGTIFF))
  34 --
  35 2.43.0
  36