Diffstat (limited to 'source/l/libtiff/tiff-3.9.7_CVE-2013-4244.diff')
-rw-r--r-- | source/l/libtiff/tiff-3.9.7_CVE-2013-4244.diff | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/source/l/libtiff/tiff-3.9.7_CVE-2013-4244.diff b/source/l/libtiff/tiff-3.9.7_CVE-2013-4244.diff
new file mode 100644
index 00000000..4f8c5432
--- /dev/null
+++ b/source/l/libtiff/tiff-3.9.7_CVE-2013-4244.diff
@@ -0,0 +1,24 @@
+From 7f4cfaec643863fcdc260da46af8d6581974101d Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Mon, 19 Aug 2013
+Subject: CVE-2013-4244
+
+* tools/gif2tiff.c: fix possible OOB write (#2452, CVE-2013-4244)
+
+---
+ gif2tiff.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/tools/gif2tiff.c 2013-08-20
++++ b/tools/gif2tiff.c 2013-08-20
+@@ -396,6 +398,10 @@ process(register int code, unsigned char
+ }
+
+ if (oldcode == -1) {
++ if (code >= clear) {
++ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++ return 0;
++ }
+ *(*fill)++ = suffix[code];
+ firstchar = oldcode = code;
+ return 1; |
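Review bot: The added guard in `process()` bounds `code` only by `clear`, so the index in `suffix[code]` is safe only if `clear` is itself limited to the size of `suffix`. That limit is set outside this hunk and should be confirmed wherever `clear` is derived from the GIF data. The check also covers just the `oldcode == -1` branch, and the rest of `process()` lies outside the hunk, so other uses of `code` as an index cannot be judged from here. Minor: the condition also rejects `code == clear`, so the message would be more accurate as `"bad input: code=%d is not less than clear=%d\n"`.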