path: root/meta/recipes-multimedia/libtiff/tiff
Commit message | Author | Age | Files | Lines
* tiff: fix CVE-2023-52355 and CVE-2023-52356 | Yogita Urade | 2024-02-08 | 3 | -0/+315

  CVE-2023-52355:
  An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Issue fixed by providing a documentation update.

  CVE-2023-52356:
  A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

  References:
  https://nvd.nist.gov/vuln/detail/CVE-2023-52355
  https://security-tracker.debian.org/tracker/CVE-2023-52355
  https://gitlab.com/libtiff/libtiff/-/issues/621
  https://gitlab.com/libtiff/libtiff/-/merge_requests/553
  https://nvd.nist.gov/vuln/detail/CVE-2023-52356
  https://gitlab.com/libtiff/libtiff/-/issues/622
  https://gitlab.com/libtiff/libtiff/-/merge_requests/546

  (From OE-Core rev: 831d7a2fffb3dec94571289292f0940bc7ecd70a)

  Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2023-6228 | Yogita Urade | 2024-01-21 | 1 | -0/+31

  CVE-2023-6228:
  An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow that leads to an application crash.

  References:
  https://nvd.nist.gov/vuln/detail/CVE-2023-6228
  https://gitlab.com/libtiff/libtiff/-/issues/606

  (From OE-Core rev: 55735e0d75820d59e569a630679f9ac403c7fdbe)

  Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Backport fixes for CVE-2023-6277 | Khem Raj | 2023-12-06 | 3 | -0/+225

  (From OE-Core rev: d115e17ad7775cf5bbfd402e98e61f362ac96efa)

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: update 4.3.0 -> 4.4.0 | Alexander Kanavin | 2022-06-07 | 9 | -581/+0

  Drop all CVE backports.

  (From OE-Core rev: ec3897659a046e7e3f652cabd04e98bb56f1b261)

  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Add marker for CVE-2022-1056 being fixed | Richard Purdie | 2022-04-13 | 1 | -0/+1

  As far as I can tell, the patches being applied also fix CVE-2022-1056 so mark as such.

  (From OE-Core rev: 256d212fd1eb9b6d4b87c2c84b1ea2a3afdeb843)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: backport CVE fixes: | Ross Burton | 2022-03-23 | 6 | -0/+475

  Backport fixes for the following CVEs:
  - CVE-2022-0865
  - CVE-2022-0891
  - CVE-2022-0907
  - CVE-2022-0908
  - CVE-2022-0909
  - CVE-2022-0924

  (From OE-Core rev: 2fe35de73cfa8de444d7ffb24246e8f87c36ee8d)

  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Add backports for two CVEs from upstream | Richard Purdie | 2022-02-21 | 3 | -0/+105

  (From OE-Core rev: 6ae14b4ff7a655b48c6d99ac565d12bf8825414f)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: update to 4.1.0 | Alexander Kanavin | 2019-11-21 | 4 | -647/+0

  Drop backported patches.

  (From OE-Core rev: e5ecf2604e5b8c957eb3bae21fb3c9b2b1b7e12f)

  Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: fix CVE-2019-17546 | Joe Slater | 2019-10-31 | 1 | -0/+103

  Apply unmodified patch from upstream.

  (From OE-Core rev: 844e7aa217f5ecf46766a07d46f9d7f083668e8e)

  Signed-off-by: Joe Slater <joe.slater@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2019-14973 | Trevor Gamblin | 2019-10-02 | 1 | -0/+415

  CVE reference: https://nvd.nist.gov/vuln/detail/CVE-2019-14973
  Upstream merge: https://gitlab.com/libtiff/libtiff/commit/2218055c

  (From OE-Core rev: b57304c1afb73a698a1c40a017d433e4d81a8df2)

  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2019-7663 | Ross Burton | 2019-07-16 | 1 | -0/+77

  (From OE-Core rev: d06d6910d1ec9374bb15e02809e64e81198731b6)

  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2019-6128 | Ross Burton | 2019-07-16 | 1 | -0/+52

  (From OE-Core rev: 7293e417dd9bdd04fe0fec177a76c9286234ed46)

  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>