diff options
author | Yi Zhao <yi.zhao@windriver.com> | 2016-10-26 16:26:47 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-11-06 23:35:16 +0000 |
commit | d66824eee47b7513b919ea04bdf41dc48a9d85e9 (patch) | |
tree | e13c76dadacbb80acf50e9b388590a1858f5ea11 /meta/recipes-multimedia | |
parent | d31267438a654ecb396aefced201f52164171055 (diff) | |
download | openembedded-core-d66824eee47b7513b919ea04bdf41dc48a9d85e9.tar.gz openembedded-core-d66824eee47b7513b919ea04bdf41dc48a9d85e9.tar.bz2 openembedded-core-d66824eee47b7513b919ea04bdf41dc48a9d85e9.zip |
tiff: Security fix CVE-2016-3623
CVE-2016-3623 libtiff: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier
allows remote attackers to cause a denial of service (divide-by-zero) by
setting the (1) v or (2) h parameter to 0.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3623
http://bugzilla.maptools.org/show_bug.cgi?id=2569
Patch from:
https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-multimedia')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch | 52 | ||||
-rw-r--r-- | meta/recipes-multimedia/libtiff/tiff_4.0.6.bb | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch new file mode 100644 index 0000000000..f554ac5464 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch @@ -0,0 +1,52 @@ +From bd024f07019f5d9fea236675607a69f74a66bc7b Mon Sep 17 00:00:00 2001 +From: erouault <erouault> +Date: Mon, 15 Aug 2016 21:26:56 +0000 +Subject: [PATCH] * tools/rgb2ycbcr.c: validate values of -v and -h parameters + to avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569) + +CVE: CVE-2016-3623 +Upstream-Status: Backport +https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b + +Signed-off-by: Yi Zhao <yi.zhao@windirver.com> +--- + ChangeLog | 5 +++++ + tools/rgb2ycbcr.c | 4 ++++ + 2 files changed, 9 insertions(+) + +diff --git a/ChangeLog b/ChangeLog +index 5d60608..3e6642a 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,5 +1,10 @@ + 2016-08-15 Even Rouault <even.rouault at spatialys.com> + ++ * tools/rgb2ycbcr.c: validate values of -v and -h parameters to ++ avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569) ++ ++2016-08-15 Even Rouault <even.rouault at spatialys.com> ++ + * tools/tiffcrop.c: Fix out-of-bounds write in loadImage(). + From patch libtiff-CVE-2016-3991.patch from + libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543) +diff --git a/tools/rgb2ycbcr.c b/tools/rgb2ycbcr.c +index 3829d6b..51f4259 100644 +--- a/tools/rgb2ycbcr.c ++++ b/tools/rgb2ycbcr.c +@@ -95,9 +95,13 @@ main(int argc, char* argv[]) + break; + case 'h': + horizSubSampling = atoi(optarg); ++ if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 ) ++ usage(-1); + break; + case 'v': + vertSubSampling = atoi(optarg); ++ if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 ) ++ usage(-1); + break; + case 'r': + rowsperstrip = atoi(optarg); +-- +2.7.4 + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb index 713cf24d5b..466dfbb50d 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb @@ -13,6 +13,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2016-3945.patch \ file://CVE-2016-3990.patch \ file://CVE-2016-3991.patch \ + file://CVE-2016-3623.patch \ " SRC_URI[md5sum] = "d1d2e940dea0b5ad435f21f03d96dd72" |