code.ossystems Code Review - openembedded-core.git/commit
tiff: Security fix CVE-2016-9535
author Mingli Yu <Mingli.Yu@windriver.com>
Wed, 7 Dec 2016 08:01:11 +0000 (16:01 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Thu, 18 May 2017 12:13:38 +0000 (13:13 +0100)
commit 3f22e42b981319b1aaa15871a90753060817c911
tree d5b289f2627a465281c9ed056bb5605fe4e67750
parent d80b6e399e2c14b99c629b4548c7ec38e35fe93e
tiff: Security fix CVE-2016-9535

* libtiff/tif_predict.h, libtiff/tif_predict.c:
Replace assertions by runtime checks to avoid assertions in debug mode,
or buffer overflows in release mode. Can happen when dealing with
unusual tile size like YCbCr with subsampling.

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535

Patch from:
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33

(From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275)

(From OE-Core rev: d55b4470c20f4a4b73b1e6f148a45d94649dfdb5)

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-multimedia/libtiff/files/CVE-2016-9535-1.patch [new file with mode: 0644]
meta/recipes-multimedia/libtiff/files/CVE-2016-9535-2.patch [new file with mode: 0644]
meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
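
The kind of change the commit message describes, an assertion replaced by a runtime check, shown on a simplified predictor-style accumulation loop. This is an added example, not the libtiff patch or any code from this commit; `hor_acc8_checked`, its signature and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified predictor decode: every byte is stored as the
 * difference from the byte `stride` positions earlier, so decoding adds each
 * group of `stride` bytes onto the next one, in place.
 * Returns 1 on success, 0 when the buffer is rejected. */
int hor_acc8_checked(uint8_t *buf, size_t cc, size_t stride)
{
    /* assert((cc % stride) == 0) at this point would abort a debug build and
     * compile to nothing under NDEBUG, so a release build would enter the
     * loop with a length it was never written for. The runtime check acts
     * the same in both builds and lets the caller fail the decode. */
    if (stride == 0 || (cc % stride) != 0) {
        fprintf(stderr, "hor_acc8_checked: cc=%zu is not a multiple of stride=%zu\n",
                cc, stride);
        return 0;
    }
    if (cc == 0)
        return 1;                      /* nothing to decode */

    size_t left = cc - stride;         /* cc >= stride: positive multiple */
    while (left > 0) {
        for (size_t j = 0; j < stride; j++)
            buf[stride + j] = (uint8_t)(buf[stride + j] + buf[j]);
        buf += stride;
        left -= stride;                /* hits exactly 0 only for multiples;
                                          otherwise it would wrap past zero */
    }
    return 1;
}

int main(void)
{
    uint8_t ok[6]  = {10, 20, 30, 1, 2, 3};   /* constructed: 2 groups of 3 */
    uint8_t bad[7] = {1, 2, 3, 4, 1, 1, 1};   /* constructed: 7 % 4 != 0 */

    int r_ok = hor_acc8_checked(ok, 6, 3);
    int r_bad = hor_acc8_checked(bad, 7, 4);
    printf("ok  -> %d (%u %u %u)\n", r_ok, ok[3], ok[4], ok[5]);
    printf("bad -> %d\n", r_bad);
    return 0;
}
```

Building with and without `-DNDEBUG` gives the same result for the rejected buffer, which is the property an `assert` cannot provide.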