diff options
Diffstat (limited to 'repo/media/tiff/CVE-2018-12900.patch')
-rw-r--r-- | repo/media/tiff/CVE-2018-12900.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/repo/media/tiff/CVE-2018-12900.patch b/repo/media/tiff/CVE-2018-12900.patch new file mode 100644 index 0000000..f95cd06 --- /dev/null +++ b/repo/media/tiff/CVE-2018-12900.patch @@ -0,0 +1,29 @@ +From 86861b86f26be5301ccfa96f9bf765051f4e644a Mon Sep 17 00:00:00 2001 +From: pgajdos <pgajdos@suse.cz> +Date: Tue, 13 Nov 2018 09:03:31 +0100 +Subject: [PATCH] prevent integer overflow + +--- + tools/tiffcp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/tools/tiffcp.c b/tools/tiffcp.c +index 2f406e2d..ece7ba13 100644 +--- a/tools/tiffcp.c ++++ b/tools/tiffcp.c +@@ -1435,6 +1435,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) + status = 0; + goto done; + } ++ if (0xFFFFFFFF / tilew < spp) ++ { ++ TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps); ++ status = 0; ++ goto done; ++ } + bytes_per_sample = bps/8; + + for (row = 0; row < imagelength; row += tl) { +-- +2.18.1 + |