summaryrefslogtreecommitdiffstats
path: root/source/l/libtiff/tiff-3.9.7_CVE-2013-4231.diff
diff options
context:
space:
mode:
Diffstat (limited to 'source/l/libtiff/tiff-3.9.7_CVE-2013-4231.diff')
-rw-r--r--source/l/libtiff/tiff-3.9.7_CVE-2013-4231.diff23
1 files changed, 23 insertions, 0 deletions
diff --git a/source/l/libtiff/tiff-3.9.7_CVE-2013-4231.diff b/source/l/libtiff/tiff-3.9.7_CVE-2013-4231.diff
new file mode 100644
index 000000000..79eeb449f
--- /dev/null
+++ b/source/l/libtiff/tiff-3.9.7_CVE-2013-4231.diff
@@ -0,0 +1,23 @@
+From 5d19703933eaa59f97be9c88237fe00593f180ae Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Mon, 19 Aug 2013
+Subject: CVE-2013-4231
+
+* tools/gif2tiff.c: Be more careful about corrupt or
+ hostile input files (#2450, CVE-2013-4231)
+
+---
+ gif2tiff.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/tools/gif2tiff.c 2013-08-20
++++ b/tools/gif2tiff.c 2013-08-20
+@@ -329,6 +329,8 @@ readraster(void)
+ int status = 1;
+
+ datasize = getc(infile);
++ if (datasize > 12)
++ return 0;
+ clear = 1 << datasize;
+ eoi = clear + 1;
+ avail = clear + 2;