1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch
new file mode 100644
index 0000000000..67837fe142
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch
@@ -0,0 +1,35 @@
+From 881a070194783561fd209b7c789a4e75566f7f37 Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang@loongson.cn>
+Date: Tue, 7 Mar 2023 15:02:08 +0800
+Subject: [PATCH] Fix memory leak in tiffcrop.c
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37]
+CVE: CVE-2023-3576
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ tools/tiffcrop.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index f14bb0c..7121c7c 100644
+--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
+@@ -7746,8 +7746,13 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop,
+ 
+   read_buff = *read_buff_ptr;
+ 
+  /* Memory is freed before crop_buff_ptr is overwritten */
+    if (*crop_buff_ptr != NULL)
+    {
+       _TIFFfree(*crop_buff_ptr);
+    }
+
+   /* process full image, no crop buffer needed */
+-  crop_buff = read_buff;
+   *crop_buff_ptr = read_buff;
+   crop->combined_width = image->width;
+   crop->combined_length = image->length;
+-- 
+2.25.1

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch new file mode 100644 index 0000000000..67837fe142 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch
@@ -0,0 +1,35 @@
	1	From 881a070194783561fd209b7c789a4e75566f7f37 Mon Sep 17 00:00:00 2001
	2	From: zhailiangliang <zhailiangliang@loongson.cn>
	3	Date: Tue, 7 Mar 2023 15:02:08 +0800
	4	Subject: [PATCH] Fix memory leak in tiffcrop.c
	5
	6	Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37]
	7	CVE: CVE-2023-3576
	8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
	9	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	10	---
	11	tools/tiffcrop.c \| 7 ++++++-
	12	1 file changed, 6 insertions(+), 1 deletion(-)
	13
	14	diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
	15	index f14bb0c..7121c7c 100644
	16	--- a/tools/tiffcrop.c
	17	+++ b/tools/tiffcrop.c
	18	@@ -7746,8 +7746,13 @@ createCroppedImage(struct image_data image, struct crop_mask crop,
	19
	20	read_buff = *read_buff_ptr;
	21
	22	+ /* Memory is freed before crop_buff_ptr is overwritten */
	23	+ if (*crop_buff_ptr != NULL)
	24	+ {
	25	+ _TIFFfree(*crop_buff_ptr);
	26	+ }
	27	+
	28	/* process full image, no crop buffer needed */
	29	- crop_buff = read_buff;
	30	*crop_buff_ptr = read_buff;
	31	crop->combined_width = image->width;
	32	crop->combined_length = image->length;
	33	--
	34	2.25.1
	35