Hi Brian, I am currently testing the update. I already had a look at the patches.
> diff -Nru tiff-4.0.3/debian/patches/CVE-2018-12900.patch > tiff-4.0.3/debian/patches/CVE-2018-12900.patch > --- tiff-4.0.3/debian/patches/CVE-2018-12900.patch 1970-01-01 > 10:00:00.000000000 +1000 > +++ tiff-4.0.3/debian/patches/CVE-2018-12900.patch 2019-02-08 > 14:52:01.000000000 +1100 > @@ -0,0 +1,13 @@ > +--- a/tools/tiffcp.c > ++++ b/tools/tiffcp.c > +@@ -1394,6 +1394,10 @@ > + uint32 row; > + uint16 bps, bytes_per_sample; > + > ++ if (0xFFFFFFFF / tilew < spp) { > ++ TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or > SamplePerPixel (%u) is too large", tilew, spp); > ++ return 0; > ++ } > + tilebuf = _TIFFmalloc(tilesize); > + if (tilebuf == 0) > + return 0;

I don't really like this patch... it has not been merged yet (the PR has been closed, so I guess it will never get merged) and looks more like a hack to me.

What if tilew * spp = INT_MAX ? Then oskew + iskew will still overflow. So this does not fix the issue.

cheers,
Hugo

--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
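
Review bot: The added guard in tools/tiffcp.c, `if (0xFFFFFFFF / tilew < spp)`, divides by tilew and nothing in the hunk rules out tilew being 0, so a zero tile width would reach a division by zero instead of the error path; test tilew == 0 first and reject it through the same TIFFError/return 0 branch. The guard also only bounds the product tilew * spp to 32 bits, which does not by itself cover the oskew + iskew sum raised in the reply above; the check would be more convincing if it were applied to the values actually used in that arithmetic and used a named limit for the operand type instead of a bare 0xFFFFFFFF.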