| Summary: | CVE-2012-4564 libtiff ppm2tiff does not check the return value of the TIFFScanlineSize function | ||
|---|---|---|---|
| Product: | [ROSA-based products] ROSA Fresh | Reporter: | Alexander Khryukin <alexander.hryukin> |
| Component: | -Enter Bugs Here- | Assignee: | Desktop Triage Team <triage-desktop> |
| Status: | RESOLVED FIXED | QA Contact: | Desktop Triage Team <triage-desktop> |
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | Fresh | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Platform: | --- | ROSA Vulnerability identifier: | |
| RPM Package: | libtiff | ISO-related: | |
| Bad POT generating: | Upstream: | ||
|
Description
Alexander Khryukin
2012-12-18 17:55:31 MSK
Index: tif_pixarlog.c =================================================================== RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v retrieving revision 1.36 retrieving revision 1.38 diff -u -r1.36 -r1.38 --- tif_pixarlog.c 24 May 2012 05:25:14 -0000 1.36 +++ tif_pixarlog.c 21 Jun 2012 01:01:53 -0000 1.38 @@ -673,7 +673,7 @@ td->td_rowsperstrip), sizeof(uint16)); if (tbuf_size == 0) return (0); /* TODO: this is an error return without error report through TIFFErrorExt */ - sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size); + sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size+sizeof(uint16)*sp->stride); if (sp->tbuf == NULL) return (0); if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN) |
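Review bot: In the `_TIFFmalloc` call, the new size `tbuf_size+sizeof(uint16)*sp->stride` is computed with plain arithmetic after the `if (tbuf_size == 0)` check, so neither the multiplication nor the addition is covered by that check. A large `tbuf_size` or `sp->stride` could wrap and produce a smaller allocation than intended. Consider folding the extra `sp->stride` elements into the size computation that feeds the zero check, or testing for wraparound before allocating. A short comment saying why one extra stride of `uint16` is needed would also help, since the hunk gives no reason for the padding. The `return (0)` on `tbuf_size == 0` still carries its TODO about returning without a report through TIFFErrorExt, and the `sp->tbuf == NULL` return is equally silent. Finally, this diff touches only tif_pixarlog.c, while the bug summary concerns ppm2tiff and the return value of TIFFScanlineSize, so the ppm2tiff change itself is not visible in what was posted here.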