path: root/meta/recipes-multimedia/libtiff/tiff/CVE-2023-6277-At-image-reading-compare-data-size-of-some-tags-data-2.patch
blob: 9fc8182fef387c6cf8a32c0cb32bd212e5a1d3f0 (plain)
From f500facf7723f1cae725dd288b2daad15e45131c Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Mon, 30 Oct 2023 21:21:57 +0100
Subject: [PATCH 2/3] At image reading, compare data size of some tags / data
 structures (StripByteCounts, StripOffsets, StripArray, TIFF directory) with
 file size to prevent provoked out-of-memory attacks.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

See issue #614.

Correct declaration of ‘filesize’ shadows a previous local.

CVE: CVE-2023-6277
Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/merge_requests/545]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 libtiff/tif_dirread.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index c52d41f..fe8d6f8 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -5305,7 +5305,6 @@ static int EstimateStripByteCounts(TIFF *tif, TIFFDirEntry *dir,
     if (td->td_compression != COMPRESSION_NONE)
     {
         uint64_t space;
-        uint64_t filesize;
         uint16_t n;
         filesize = TIFFGetFileSize(tif);
         if (!(tif->tif_flags & TIFF_BIGTIFF))
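Review bot: With the inner `uint64_t filesize;` removed, the retained `filesize = TIFFGetFileSize(tif);` in the `td->td_compression != COMPRESSION_NONE` branch now writes to a declaration that lies outside this hunk. Please confirm that an outer `filesize` is in scope at this point in EstimateStripByteCounts, that it is also `uint64_t` so the size comparisons keep their width, and that nothing after this branch relies on the value it held before the assignment. The commit message could also name the outer declaration (and the patch in this 3-part series that introduces it) so the backport can be checked without the full file.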
-- 
2.43.0