summaryrefslogtreecommitdiff
path: root/patches/source/libtiff/tiff-3.9.7_CVE-2013-4232.diff
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/libtiff/tiff-3.9.7_CVE-2013-4232.diff')
-rw-r--r--patches/source/libtiff/tiff-3.9.7_CVE-2013-4232.diff24
1 files changed, 24 insertions, 0 deletions
diff --git a/patches/source/libtiff/tiff-3.9.7_CVE-2013-4232.diff b/patches/source/libtiff/tiff-3.9.7_CVE-2013-4232.diff
new file mode 100644
index 00000000..b86f8f4a
--- /dev/null
+++ b/patches/source/libtiff/tiff-3.9.7_CVE-2013-4232.diff
@@ -0,0 +1,24 @@
+From 8a2f9160cc4c52c73a62adef4d9282b2bd6e7ff1 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Mon, 19 Aug 2013
+Subject: CVE-2013-4232
+
+* tools/tiff2pdf.c: terminate after failure of allocating
+ ycbcr buffer (bug #2449, CVE-2013-4232)
+
+---
+ tiff2pdf.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/tools/tiff2pdf.c 2013-08-20
++++ b/tools/tiff2pdf.c 2013-08-20
+@@ -2457,7 +2457,8 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p
+ t2p->tiff_datasize,
+ TIFFFileName(input));
+ t2p->t2p_error = T2P_ERR_ERROR;
+- _TIFFfree(buffer);
++ _TIFFfree(buffer);
++ return(0);
+ } else {
+ buffer=samplebuffer;
+ t2p->tiff_datasize *= t2p->tiff_samplesperpixel;