[OE-core] [denzil 08/18] Summary:Security Advisory - libtiff - CVE-2012-3401

Thu, 07 Feb 2013 15:31:39 -0800 

From: Wei Cai <wei....@windriver.com>

[ CQID: WIND00374012 ]

A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image 
to a
PDF document conversion tool, of libtiff, a library of functions for 
manipulating
TIFF (Tagged Image File Format) image format files, performed write of TIFF 
image
content into particular PDF document file, when not properly initialized T2P 
context
struct pointer has been provided by tiff2pdf (application requesting the 
conversion)
as one of parameters for the routine performing the write. A remote attacker 
could
provide a specially-crafted TIFF image format file, that when processed by 
tiff2pdf
would lead to tiff2pdf executable crash or, potentially, arbitrary code 
execution
with the privileges of the user running the tiff2pdf binary.

Signed-off-by: Wei Cai <wei....@windriver.com>
Signed-off-by: Robert Yang <liezhi.y...@windriver.com>

Affects libtiff 4.0.2 and earlier.

Signed-off-by: Mark Hatle <mark.ha...@windriver.com>
---
 .../libtiff/files/libtiff-CVE-2012-3401.patch                  | 10 ++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.0.1.bb                  |  3 ++-
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-multimedia/libtiff/files/libtiff-CVE-2012-3401.patch

diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2012-3401.patch 
b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2012-3401.patch
new file mode 100644
index 0000000..e59addd
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2012-3401.patch
@@ -0,0 +1,10 @@
+--- a/tools/tiff2pdf.c.orig    2012-11-22 17:24:46.000000000 +0800
++++ b/tools/tiff2pdf.c 2012-11-22 17:25:41.000000000 +0800
+@@ -1038,6 +1038,7 @@
+                               "Can't set directory %u of input file %s", 
+                               i,
+                               TIFFFileName(input));
++                      t2p->t2p_error = T2P_ERR_ERROR;
+                       return;
+               }
+               if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.1.bb 
b/meta/recipes-multimedia/libtiff/tiff_4.0.1.bb
index 54c4cbc..4bc7499 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.0.1.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.1.bb
@@ -6,7 +6,8 @@ DEPENDS = "zlib jpeg xz"
 PR = "r1"
 
 SRC_URI = "ftp://ftp.remotesensing.org/pub/libtiff/tiff-${PV}.tar.gz \
-           file://libtool2.patch"
+           file://libtool2.patch \
+                  file://libtiff-CVE-2012-3401.patch"
 
 SRC_URI[md5sum] = "fae149cc9da35c598d8be897826dfc63"
 SRC_URI[sha256sum] = 
"9a7a039e516c37478038740f1642818250bfb1414cf404cc8b569e5f9d4bf2f0"
-- 
1.8.1.2.545.g2f19ada


_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Reply via email to