tiff: Security fix CVE-2016-9535 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Mingli Yu <Mingli.Yu@windriver.com>	2016-12-07 16:01:11 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-05-18 13:14:21 +0100
commit	014af27dcbbaf5d8482a2cf063a5aa7eeba1a915 (patch)
tree	af1ec0b5671833c865d6f00914b81416e18be14b /documentation
parent	ca4703b6cf92a2e8c60660c1f0b779293f773d22 (diff)
download	poky-014af27dcbbaf5d8482a2cf063a5aa7eeba1a915.tar.gz

tiff: Security fix CVE-2016-9535

* libtiff/tif_predict.h, libtiff/tif_predict.c: Replace assertions by runtime checks to avoid assertions in debug mode, or buffer overflows in release mode. Can happen when dealing with unusual tile size like YCbCr with subsampling. External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535 Patch from: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33 (From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275) (From OE-Core rev: d55b4470c20f4a4b73b1e6f148a45d94649dfdb5) (From OE-Core rev: 3f22e42b981319b1aaa15871a90753060817c911) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'documentation')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: