meta-oe/recipes-support/imagemagick/files/CVE-2021-3610.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

From 930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 Mon Sep 17 00:00:00 2001
From: Cristy <mikayla-grace@urban-warrior.org>
Date: Thu, 27 May 2021 10:30:17 -0400
Subject: [PATCH] eliminate heap buffer overflow vulnerability, thanks to
 ZhangJiaxing (@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group

CVE: CVE-2021-3610
Upstream-Status: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3.patch]
Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
---
 coders/tiff.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/coders/tiff.c b/coders/tiff.c
index 277b9788be5..b88ce368ba5 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1894,7 +1894,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
         /*
           Convert stripped TIFF image.
         */
-        extent=2*TIFFStripSize(tiff);
+        extent=4*TIFFStripSize(tiff);
 #if defined(TIFF_VERSION_BIG)
         extent+=image->columns*sizeof(uint64);
 #else