summary refs log tree commit diff
path: root/gnu/packages/patches/libtiff-CVE-2013-4244.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/libtiff-CVE-2013-4244.patch')
-rw-r--r--gnu/packages/patches/libtiff-CVE-2013-4244.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/gnu/packages/patches/libtiff-CVE-2013-4244.patch b/gnu/packages/patches/libtiff-CVE-2013-4244.patch
new file mode 100644
index 0000000000..be9c65c311
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2013-4244.patch
@@ -0,0 +1,20 @@
+Copied from Debian
+
+Description: OOB write in gif2tiff
+Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=996468
+
+Index: tiff-4.0.3/tools/gif2tiff.c
+===================================================================
+--- tiff-4.0.3.orig/tools/gif2tiff.c	2013-08-24 11:17:13.546447901 -0400
++++ tiff-4.0.3/tools/gif2tiff.c	2013-08-24 11:17:13.546447901 -0400
+@@ -400,6 +400,10 @@
+     }
+ 
+     if (oldcode == -1) {
++        if (code >= clear) {
++            fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++            return 0;
++        }
+ 	*(*fill)++ = suffix[code];
+ 	firstchar = oldcode = code;
+ 	return 1;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-02 05:45:03 +0000