diff options
author | maya <maya@pkgsrc.org> | 2018-10-25 22:58:05 +0000 |
---|---|---|
committer | maya <maya@pkgsrc.org> | 2018-10-25 22:58:05 +0000 |
commit | 9600cfe63a62f21baa7c6eaa0e920c3fb2707051 (patch) | |
tree | 5ffd3fa262f308276a75c03e24b4df63372e0a10 /print | |
parent | 3ea0836bd54252350e15e0dc5eef4933ad05b9e8 (diff) | |
download | pkgsrc-9600cfe63a62f21baa7c6eaa0e920c3fb2707051.tar.gz |
tiff: apply fix for CVE-2018-18557
From 681748ec2f5ce88da5f9fa6831e1653e46af8a66 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 14 Oct 2018 16:38:29 +0200
Subject: [PATCH 1/1] JBIG: fix potential out-of-bounds write in JBIGDecode()
JBIGDecode doesn't check if the user provided buffer is large enough
to store the JBIG decoded image, which can potentially cause out-of-bounds
write in the buffer.
This issue was reported and analyzed by Thomas Dullien.
Also fixes a (harmless) potential use of uninitialized memory when
tif->tif_rawsize > tif->tif_rawcc
And in case libtiff is compiled with CHUNKY_STRIP_READ_SUPPORT, make sure
that whole strip data is provided to JBIGDecode()
The last part (CHUNKY_STRIP_READ_SUPPORT) was adapted by myself to fit
the libtiff release.
Bump PKGREVISION.
Diffstat (limited to 'print')
0 files changed, 0 insertions, 0 deletions