code.ossystems Code Review - openembedded-core.git/commit
tiff: Security fix CVE-2016-9535
author Mingli Yu <Mingli.Yu@windriver.com>
Wed, 7 Dec 2016 08:01:11 +0000 (16:01 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Wed, 11 Jan 2017 11:46:46 +0000 (11:46 +0000)
commit d55b4470c20f4a4b73b1e6f148a45d94649dfdb5
tree 0dabbe27ae4f0bd84e193405bb634f1d794f734b
parent a28dc4cf7a8f67444f2f88248966478e385491d2
tiff: Security fix CVE-2016-9535

* libtiff/tif_predict.h, libtiff/tif_predict.c:
Replace assertions by runtime checks to avoid assertions in debug mode,
or buffer overflows in release mode. Can happen when dealing with
unusual tile size like YCbCr with subsampling.

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535

Patch from:
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33

(From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275)

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-multimedia/libtiff/files/CVE-2016-9535-1.patch [new file with mode: 0644]
meta/recipes-multimedia/libtiff/files/CVE-2016-9535-2.patch [new file with mode: 0644]
meta/recipes-multimedia/libtiff/tiff_4.0.6.bb