tiff: backport upstream fix for CVE-2022-2867, CVE-2022-2868, CVE-2022-2869

Fixes upstream issue #352 (closed) where a buffer overflow was generated
by a uint underflow in tiffcrop.c computeInputPixelOffsets()
calculating (uint32_t)(0 - 1) around line 5210. Subsequently,
tiffcrop tries to read pixels from the image at an offset far beyond the
file/buffer size.
The main region checks in computeInputPixelOffsets() are now updated to
avoid uint underflow.
This update also fixes upstream issues #350 (closed) and #351 (closed).
Issue 350 is fixed by checking for disallowed zone input cases like -Z
0:0 in getCropOffsets().
Furthermore, upstream issues #335 (moved) (closed) and #336 (closed) are also
fixed.
CVE: CVE-2022-2867, CVE-2022-2868, CVE-2022-2869

Signed-off-by: Ghassane Ben El Aattar <ghassaneb.aattar@huawei.com>

Edited by Ghassane Ben El Aattar
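
The underflow pattern named in the description, `(uint32_t)(0 - 1)`, and the kind of input check that prevents it, shown as an added illustration that is not libtiff's code and not part of this merge request. The zone model, `struct zone`, and both function names are hypothetical simplifications; the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified zone model: strip `position` of `total` equal
 * vertical strips of an image `width` pixels wide (1-based, like "-Z 1:4"). */
struct zone { uint32_t position, total; };

/* Unchecked: the last column is computed as (boundary - 1) in uint32_t.
 * For position 0 the boundary is 0, so the result wraps to UINT32_MAX and
 * a later read would index far beyond the buffer. (total must be non-zero.) */
static uint32_t last_column_unchecked(uint32_t width, struct zone z)
{
    uint32_t boundary = (uint32_t)(((uint64_t)width * z.position) / z.total);
    return boundary - 1;   /* (uint32_t)(0 - 1) == 0xFFFFFFFF */
}

/* Checked: reject zone inputs that are not allowed (such as 0:0) before any
 * arithmetic, and subtract only when the operand is known to be non-zero.
 * Returns 0 and fills first/last on success, -1 on rejected input. */
static int zone_columns_checked(uint32_t width, struct zone z,
                                uint32_t *first, uint32_t *last)
{
    if (width == 0 || z.total == 0 || z.position == 0 || z.position > z.total)
        return -1;
    uint32_t start = (uint32_t)(((uint64_t)width * (z.position - 1)) / z.total);
    uint32_t end   = (uint32_t)(((uint64_t)width * z.position) / z.total);
    if (end <= start || end > width)   /* empty zone or out of bounds */
        return -1;
    *first = start;
    *last  = end - 1;      /* safe: end > start >= 0, so end >= 1 */
    return 0;
}

int main(void)
{
    struct zone bad = { 0, 1 }, ok = { 2, 4 };   /* constructed inputs */
    uint32_t first, last;
    printf("unchecked last column for 0:1 = %u\n",
           (unsigned)last_column_unchecked(100, bad));
    printf("checked 0:1 -> %d\n", zone_columns_checked(100, bad, &first, &last));
    if (zone_columns_checked(100, ok, &first, &last) == 0)
        printf("checked 2:4 -> columns %u..%u\n", (unsigned)first, (unsigned)last);
    return 0;
}
```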
