bb3536112b
CVE-2013-1960 - Heap-based buffer overflow CVE-2013-1961 - Stack-based buffer overflow ok sthen@
19 lines
682 B
Plaintext
19 lines
682 B
Plaintext
$OpenBSD: patch-libtiff_tif_dirinfo_c,v 1.8 2013/05/03 11:00:39 jasper Exp $
|
|
|
|
Security fix for CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow
|
|
with malformed image-length and resolution
|
|
|
|
Patch from https://bugzilla.redhat.com/show_bug.cgi?id=952131
|
|
|
|
--- libtiff/tif_dirinfo.c.orig Sun Aug 19 18:56:34 2012
|
|
+++ libtiff/tif_dirinfo.c Mon Sep 24 21:30:29 2012
|
|
@@ -711,7 +711,7 @@ _TIFFCreateAnonField(TIFF *tif, uint32 tag, TIFFDataTy
|
|
* note that this name is a special sign to TIFFClose() and
|
|
* _TIFFSetupFields() to free the field
|
|
*/
|
|
- sprintf(fld->field_name, "Tag %d", (int) tag);
|
|
+ snprintf(fld->field_name, 32, "Tag %d", (int) tag);
|
|
|
|
return fld;
|
|
}
|