summary refs log tree commit diff
path: root/gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch')
-rw-r--r--gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch b/gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch
new file mode 100644
index 0000000000..7f70edb86f
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch
@@ -0,0 +1,30 @@
+Copied from Debian
+
+From 0782c759084daaf9e4de7ee6be7543081823455e Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Sun, 21 Dec 2014 20:58:29 +0000
+Subject: [PATCH] * tools/tiff2bw.c: when Photometric=RGB, the utility only
+ works if SamplesPerPixel = 3. Enforce that
+ http://bugzilla.maptools.org/show_bug.cgi?id=2485 (CVE-2014-8127)
+
+---
+ ChangeLog       | 6 ++++++
+ tools/tiff2bw.c | 5 +++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/tools/tiff2bw.c b/tools/tiff2bw.c
+index 22467cd..94b8e31 100644
+--- a/tools/tiff2bw.c
++++ b/tools/tiff2bw.c
+@@ -171,6 +171,11 @@ main(int argc, char* argv[])
+ 		    argv[optind], samplesperpixel);
+ 		return (-1);
+ 	}
++	if( photometric == PHOTOMETRIC_RGB && samplesperpixel != 3) {
++		fprintf(stderr, "%s: Bad samples/pixel %u for PHOTOMETRIC_RGB.\n",
++		    argv[optind], samplesperpixel);
++		return (-1);
++	}
+ 	TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bitspersample);
+ 	if (bitspersample != 8) {
+ 		fprintf(stderr,
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-02 05:34:29 +0000