code.ossystems Code Review - openembedded-core.git/commit
tiff: Security fix CVE-2016-9535
author Mingli Yu <Mingli.Yu@windriver.com>
Wed, 7 Dec 2016 08:01:11 +0000 (16:01 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Thu, 8 Dec 2016 10:26:11 +0000 (10:26 +0000)
commit 61d3feb9cad9f61f6551b43f4f19bfa33cadd275
tree f55c3e0c3d981f1c0b11d34759c2a41050deafcc
parent fa107101ae42cf42a954c1c9af6a7d3ed298b384
tiff: Security fix CVE-2016-9535

* libtiff/tif_predict.h, libtiff/tif_predict.c:
Replace assertions by runtime checks to avoid assertions in debug mode,
or buffer overflows in release mode. Can happen when dealing with
unusual tile size like YCbCr with subsampling.

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535

Patch from:
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-multimedia/libtiff/files/CVE-2016-9535-1.patch [new file with mode: 0644]
meta/recipes-multimedia/libtiff/files/CVE-2016-9535-2.patch [new file with mode: 0644]
meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
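
The pattern named in the commit message (an assertion replaced by a runtime check), as an added illustration that is not the libtiff patch or any code from this commit: a simplified byte-wise accumulate loop over a row of pixels, first guarded only by `assert()`, then by a check that survives release builds. The function names, the 12-byte row and the stride of 3 are assumptions made for the example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical "before" shape: the invariant exists only as an assert().
 * Built with -DNDEBUG the check disappears, and a trailing partial pixel
 * (cc = 7, stride = 3) makes the last pass write buf[6..8], past the end.
 * Built without NDEBUG, the same input aborts the process instead. */
void acc8_assert(uint8_t *buf, size_t cc, size_t stride)
{
    assert(stride != 0 && cc % stride == 0);
    for (size_t i = stride; i < cc; i += stride)
        for (size_t s = 0; s < stride; s++)
            buf[i + s] = (uint8_t)(buf[i + s] + buf[i + s - stride]);
}

/* Hypothetical "after" shape: the same invariant as a runtime check.
 * Returns 1 on success and 0 on a malformed size, so the caller can
 * fail the decode cleanly in debug and release builds alike. */
int acc8_checked(uint8_t *buf, size_t cc, size_t stride)
{
    if (stride == 0 || cc % stride != 0) {
        fprintf(stderr, "acc8: %zu bytes is not a multiple of stride %zu\n",
                cc, stride);
        return 0;
    }
    for (size_t i = stride; i < cc; i += stride)
        for (size_t s = 0; s < stride; s++)
            buf[i + s] = (uint8_t)(buf[i + s] + buf[i + s - stride]);
    return 1;
}

/* Constructed input: a row of 3-byte pixels whose deltas are all 1.
 * Returns the last decoded byte, or -1 if the row was rejected. */
int decode_row(size_t cc)
{
    uint8_t row[12] = {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1};
    if (cc == 0 || cc > sizeof row || !acc8_checked(row, cc, 3))
        return -1;
    return row[cc - 1];
}

int main(void)
{
    printf("cc=6 -> %d, cc=7 -> %d\n", decode_row(6), decode_row(7));
    return 0;
}
```

The change from a `void` function to one returning a status only helps if every caller checks that status and abandons the decode on 0.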