diff options
author | Even Rouault <even.rouault@spatialys.com> | 2017-06-01 12:44:04 +0000 |
---|---|---|
committer | Even Rouault <even.rouault@spatialys.com> | 2017-06-01 12:44:04 +0000 |
commit | 6281927e03aed3fdaac4c25e1cd1a5ff7232bcd8 (patch) | |
tree | 7cf9fab3cbd3af316bc455396f2c2545a9651f0c /ChangeLog | |
parent | ed38dcc52c934839353be1ce7a7817b1599ccb31 (diff) | |
download | libtiff-git-6281927e03aed3fdaac4c25e1cd1a5ff7232bcd8.tar.gz |
* libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(),
and use it in TIFFReadDirectory() so as to ignore fields whose tag is a
codec-specified tag but this codec is not enabled. This avoids TIFFGetField()
to behave differently depending on whether the codec is enabled or not, and
thus can avoid stack based buffer overflows in a number of TIFF utilities
such as tiffsplit, tiffcmp, thumbnail, etc.
Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch
(http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog.
Fixes:
http://bugzilla.maptools.org/show_bug.cgi?id=2580
http://bugzilla.maptools.org/show_bug.cgi?id=2693
http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095)
http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554)
http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318)
http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128)
http://bugzilla.maptools.org/show_bug.cgi?id=2441
http://bugzilla.maptools.org/show_bug.cgi?id=2433
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -1,3 +1,23 @@ +2017-06-01 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_dirinfo.c, tif_dirread.c: add _TIFFCheckFieldIsValidForCodec(), + and use it in TIFFReadDirectory() so as to ignore fields whose tag is a + codec-specified tag but this codec is not enabled. This avoids TIFFGetField() + to behave differently depending on whether the codec is enabled or not, and + thus can avoid stack based buffer overflows in a number of TIFF utilities + such as tiffsplit, tiffcmp, thumbnail, etc. + Patch derived from 0063-Handle-properly-CODEC-specific-tags.patch + (http://bugzilla.maptools.org/show_bug.cgi?id=2580) by Raphaël Hertzog. + Fixes: + http://bugzilla.maptools.org/show_bug.cgi?id=2580 + http://bugzilla.maptools.org/show_bug.cgi?id=2693 + http://bugzilla.maptools.org/show_bug.cgi?id=2625 (CVE-2016-10095) + http://bugzilla.maptools.org/show_bug.cgi?id=2564 (CVE-2015-7554) + http://bugzilla.maptools.org/show_bug.cgi?id=2561 (CVE-2016-5318) + http://bugzilla.maptools.org/show_bug.cgi?id=2499 (CVE-2014-8128) + http://bugzilla.maptools.org/show_bug.cgi?id=2441 + http://bugzilla.maptools.org/show_bug.cgi?id=2433 + 2017-05-29 Even Rouault <even.rouault at spatialys.com> * libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for |