cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openbsd-ports/graphics/tiff/patches/patch-libtiff_tif_codec_c
jasper bb3536112b Security fixes for 
CVE-2013-1960 - Heap-based buffer overflow
CVE-2013-1961 - Stack-based buffer overflow

ok sthen@
2013-05-03 11:00:39 +00:00

19 lines
871 B
Plaintext
Raw Blame History

$OpenBSD: patch-libtiff_tif_codec_c,v 1.3 2013/05/03 11:00:39 jasper Exp $
Security fix for CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow
with malformed image-length and resolution
Patch from https://bugzilla.redhat.com/show_bug.cgi?id=952131
--- libtiff/tif_codec.c.orig Tue Dec 14 15:18:28 2010
+++ libtiff/tif_codec.c Wed Apr 11 18:22:55 2012
@@ -108,7 +108,7 @@ _notConfigured(TIFF* tif)
const TIFFCodec* c = TIFFFindCODEC(tif->tif_dir.td_compression);
char compression_code[20];
- sprintf( compression_code, "%d", tif->tif_dir.td_compression );
+ snprintf( compression_code, sizeof(compression_code), "%d", tif->tif_dir.td_compression );
TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
"%s compression support is not configured",
c ? c->name : compression_code );
Reference in New Issue View Git Blame Copy Permalink