14 Commits

Author	SHA1	Message	Date
Yogita Urade	2ce56bd707	tiff: fix CVE-2025-9900 ... A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.[EOL][EOL]By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-9900 Upstream patch: 3e0dcf0ec6 (From OE-Core rev: c1303b8eb4e85a031a175867361876a256bfb763) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-10-09 12:16:45 -07:00
Siddharth Doshi	c58add8ab8	Tiff: Security fix for CVE-2024-7006 ... Upstream-Status: Backport from [818fb8ce88] CVE's Fixed: CVE-2024-7006 libtiff: NULL pointer dereference in tif_dirinfo.c (From OE-Core rev: 7fd3c7e9742a4efa0fbebc1d0ed1da8f6d960175) Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5313b4b233a486e8a1483757ad9c9aed3a213aae) Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-08-26 05:18:43 -07:00
Yogita Urade	eba805ace4	tiff: fix CVE-2023-52355 and CVE-2023-52356 ... CVE-2023-52355: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Issue fixed by providing a documentation update. CVE-2023-52356: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. References: https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://security-tracker.debian.org/tracker/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://gitlab.com/libtiff/libtiff/-/merge_requests/553 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 (From OE-Core rev: 831d7a2fffb3dec94571289292f0940bc7ecd70a) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2024-02-08 10:53:13 +00:00
Yogita Urade	fcc39f3e04	tiff: fix CVE-2023-6228 ... CVE-2023-6228: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. References: https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://gitlab.com/libtiff/libtiff/-/issues/606 (From OE-Core rev: 55735e0d75820d59e569a630679f9ac403c7fdbe) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2024-01-21 12:27:12 +00:00
Khem Raj	2b32e0fd6e	tiff: Backport fixes for CVE-2023-6277 ... (From OE-Core rev: d115e17ad7775cf5bbfd402e98e61f362ac96efa) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-12-06 22:55:50 +00:00
Alexander Kanavin	5709914874	tiff: update 4.3.0 -> 4.4.0 ... Drop all CVE backports. (From OE-Core rev: ec3897659a046e7e3f652cabd04e98bb56f1b261) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-06-07 21:21:54 +01:00
Richard Purdie	45afc335d3	tiff: Add marker for CVE-2022-1056 being fixed ... As far as I can tell, the patches being applied also fix CVE-2022-1056 so mark as such. (From OE-Core rev: 256d212fd1eb9b6d4b87c2c84b1ea2a3afdeb843) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-04-13 16:52:24 +01:00
Ross Burton	a2b1bfd957	tiff: backport CVE fixes: ... Backport fixes for the following CVEs: - CVE-2022-0865 - CVE-2022-0891 - CVE-2022-0907 - CVE-2022-0908 - CVE-2022-0909 - CVE-2022-0924 (From OE-Core rev: 2fe35de73cfa8de444d7ffb24246e8f87c36ee8d) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-03-23 12:13:50 +00:00
Richard Purdie	e600227b13	tiff: Add backports for two CVEs from upstream ... (From OE-Core rev: 6ae14b4ff7a655b48c6d99ac565d12bf8825414f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2022-02-21 07:52:04 +00:00
Alexander Kanavin	f931a332d1	tiff: update to 4.1.0 ... Drop backported patches. (From OE-Core rev: e5ecf2604e5b8c957eb3bae21fb3c9b2b1b7e12f) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-21 23:08:19 +00:00
Joe Slater	6df6e5d3ba	libtiff: fix CVE-2019-17546 ... Apply unmodified patch from upstream. (From OE-Core rev: 844e7aa217f5ecf46766a07d46f9d7f083668e8e) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-31 16:09:35 +00:00
Trevor Gamblin	c855f55a7d	tiff: fix CVE-2019-14973 ... CVE reference: https://nvd.nist.gov/vuln/detail/CVE-2019-14973 Upstream merge: https://gitlab.com/libtiff/libtiff/commit/2218055c (From OE-Core rev: b57304c1afb73a698a1c40a017d433e4d81a8df2) Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-02 10:09:47 +01:00
Ross Burton	8e63ec13b4	tiff: fix CVE-2019-7663 ... (From OE-Core rev: d06d6910d1ec9374bb15e02809e64e81198731b6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-16 13:53:17 +01:00
Ross Burton	d3e9a9b2a0	tiff: fix CVE-2019-6128 ... (From OE-Core rev: 7293e417dd9bdd04fe0fec177a76c9286234ed46) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-16 13:53:16 +01:00