package/tiff: add patch to fix CVE-2025-8177
Fix the following vulnerability:
- CVE-2025-8177
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as
critical. This issue affects the function setrow of the file
tools/thumbnail.c. The manipulation leads to buffer overflow. An
attack has to be approached locally. The patch is named
e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to apply a
patch to fix this issue. This vulnerability only affects products that
are no longer supported by the maintainer.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-8177
- https://gitlab.com/libtiff/libtiff/-/merge_requests/737
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Thomas Perale
committed by
Peter Korsgaard
Peter Korsgaard
parent
b3974df966
commit
3db725d71d
35
package/tiff/0004-fix-for-thumbnail-issue.patch
Normal file
35
package/tiff/0004-fix-for-thumbnail-issue.patch
Normal file
@@ -0,0 +1,35 @@
|
||||
From e8de4dc1f923576dce9d625caeebd93f9db697e1 Mon Sep 17 00:00:00 2001
|
||||
From: Lee Howard <faxguy@howardsilvan.com>
|
||||
Date: Wed, 25 Jun 2025 17:14:18 +0000
|
||||
Subject: [PATCH] Fix for thumbnail issue #715
|
||||
|
||||
CVE: CVE-2025-8177
|
||||
Upstream: https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1
|
||||
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
|
||||
---
|
||||
tools/thumbnail.c | 10 +++++++++-
|
||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tools/thumbnail.c b/tools/thumbnail.c
|
||||
index 9cade913..7e21f521 100644
|
||||
--- a/tools/thumbnail.c
|
||||
+++ b/tools/thumbnail.c
|
||||
@@ -620,7 +620,15 @@ static void setrow(uint8_t *row, uint32_t nrows, const uint8_t *rows[])
|
||||
}
|
||||
acc += bits[*src & mask1];
|
||||
}
|
||||
- *row++ = cmap[(255 * acc) / area];
|
||||
+ if (255 * acc / area < 256)
|
||||
+ {
|
||||
+ *row++ = cmap[(255 * acc) / area];
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ fprintf(stderr, "acc=%d, area=%d\n", acc, area);
|
||||
+ *row++ = cmap[0];
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
GitLab
|
||||
@@ -16,6 +16,9 @@ TIFF_INSTALL_STAGING = YES
|
||||
# 0001-don-t-skip-the-first-line-of-the-input-image.patch, 0002-fix-tiffmedian-bug.patch, 0003-conflict-resolution.patch
|
||||
TIFF_IGNORE_CVES += CVE-2025-8176
|
||||
|
||||
# 0004-fix-for-thumbnail-issue.patch
|
||||
TIFF_IGNORE_CVES += CVE-2025-8177
|
||||
|
||||
# webp has a (optional) dependency on tiff, so we can't have webp
|
||||
# support in tiff, or that would create a circular dependency.
|
||||
TIFF_CONF_OPTS = \
|
||||
|
||||
Reference in New Issue
Block a user