[OE-core] [denzil 08/18] Summary:Security Advisory - libtiff - CVE-2012-3401
Mark Hatle
mark.hatle at windriver.com
Thu Feb 7 23:56:35 UTC 2013
From: Wei Cai <wei.cai at windriver.com>
[ CQID: WIND00374012 ]
A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a
PDF document conversion tool, of libtiff, a library of functions for manipulating
TIFF (Tagged Image File Format) image format files, performed write of TIFF image
content into particular PDF document file, when not properly initialized T2P context
struct pointer has been provided by tiff2pdf (application requesting the conversion)
as one of parameters for the routine performing the write. A remote attacker could
provide a specially-crafted TIFF image format file, that when processed by tiff2pdf
would lead to tiff2pdf executable crash or, potentially, arbitrary code execution
with the privileges of the user running the tiff2pdf binary.
Signed-off-by: Wei Cai <wei.cai at windriver.com>
Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
Affects libtiff 4.0.2 and earlier.
Signed-off-by: Mark Hatle <mark.hatle at windriver.com>
---
.../libtiff/files/libtiff-CVE-2012-3401.patch | 10 ++++++++++
meta/recipes-multimedia/libtiff/tiff_4.0.1.bb | 3 ++-
2 files changed, 12 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-multimedia/libtiff/files/libtiff-CVE-2012-3401.patch
diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2012-3401.patch b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2012-3401.patch
new file mode 100644
index 0000000..e59addd
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2012-3401.patch
@@ -0,0 +1,10 @@
+--- a/tools/tiff2pdf.c.orig 2012-11-22 17:24:46.000000000 +0800
++++ b/tools/tiff2pdf.c 2012-11-22 17:25:41.000000000 +0800
+@@ -1038,6 +1038,7 @@
+ "Can't set directory %u of input file %s",
+ i,
+ TIFFFileName(input));
++ t2p->t2p_error = T2P_ERR_ERROR;
+ return;
+ }
+ if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.1.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.1.bb
index 54c4cbc..4bc7499 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.0.1.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.1.bb
@@ -6,7 +6,8 @@ DEPENDS = "zlib jpeg xz"
PR = "r1"
SRC_URI = "ftp://ftp.remotesensing.org/pub/libtiff/tiff-${PV}.tar.gz \
- file://libtool2.patch"
+ file://libtool2.patch \
+ file://libtiff-CVE-2012-3401.patch"
SRC_URI[md5sum] = "fae149cc9da35c598d8be897826dfc63"
SRC_URI[sha256sum] = "9a7a039e516c37478038740f1642818250bfb1414cf404cc8b569e5f9d4bf2f0"
--
1.8.1.2.545.g2f19ada
More information about the Openembedded-core
mailing list