Diffstat (limited to 'meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4231.patch')
-rw-r--r-- | meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4231.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4231.patch b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4231.patch deleted file mode 100644 index d8d4e961db..0000000000 --- a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4231.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -Upstream-Status: Backport - -Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers -to cause a denial of service (out-of-bounds write) via a crafted (1) -extension block in a GIF image or (2) GIF raster image to -tools/gif2tiff.c or (3) a long filename for a TIFF image to -tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which -states that the input cannot exceed the allocated buffer size. - -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple -buffer overflows in libtiff before 4.0.3 allow remote attackers to cause -a denial of service (out-of-bounds write) via a crafted (1) extension -block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) -a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 -and 3 are disputed by Red Hat, which states that the input cannot exceed -the allocated buffer size. - -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231 - -Signed-off-by: Yue Tao <Yue.Tao@windriver.com> - -Index: tools/gif2tiff.c -=================================================================== -RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v -retrieving revision 1.12 -retrieving revision 1.13 -diff -u -r1.12 -r1.13 ---- a/tools/gif2tiff.c 15 Dec 2010 00:22:44 -0000 1.12 -+++ b/tools/gif2tiff.c 14 Aug 2013 05:18:53 -0000 1.13 -@@ -1,4 +1,4 @@ --/* $Id: gif2tiff.c,v 1.12 2010-12-15 00:22:44 faxguy Exp $ */ -+/* $Id: gif2tiff.c,v 1.13 2013-08-14 05:18:53 fwarmerdam Exp $ */ - - /* - * Copyright (c) 1990-1997 Sam Leffler -@@ -333,6 +333,8 @@ - int status = 1; - - datasize = getc(infile); -+ if (datasize > 12) -+ return 0; - clear = 1 << datasize; - eoi = clear + 1; - avail = clear + 2; |
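Review bot: deleting this backport removes the "if (datasize > 12) return 0;" guard that sits ahead of "clear = 1 << datasize" in tools/gif2tiff.c, and nothing shown here confirms that the libtiff source the recipe builds already carries that check. The diffstat is limited to this one file, so please state in the commit message which libtiff version the recipe now uses and that it includes gif2tiff.c revision 1.13 or later. Also confirm that the recipe's reference to libtiff-CVE-2013-4231.patch is dropped in the same commit, otherwise the build will fail on the missing file. If the guard is ever carried forward again, note that it only bounds datasize from above: a negative return from getc(infile), such as EOF, would still reach the shift if datasize is a signed type, so a lower-bound check would be worth adding.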