diff options
| author | Yogita Urade <yogita.urade@windriver.com> | 2025-08-06 17:54:13 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-08-18 13:18:01 -0700 |
| commit | dc468377e8843b52b1a55d4b0ba30bbc4b40a7a5 (patch) | |
| tree | bd3bc3e39cfd046afae252753df7233337094b59 | |
| parent | c2581b7811559bd2220b1d06c027ff612e5295e9 (diff) | |
| download | poky-dc468377e8843b52b1a55d4b0ba30bbc4b40a7a5.tar.gz | |
tiff: fix CVE-2025-8177
A vulnerability was found in LibTIFF up to 4.7.0. It has been
rated as critical. This issue affects the function setrow of the
file tools/thumbnail.c. The manipulation leads to buffer overflow.
An attack has to be approached locally. The patch is named
e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It is recommended to
apply a patch to fix this issue. This vulnerability only affects
products that are no longer supported by the maintainer.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-8177
Upstream patch:
https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1
(From OE-Core rev: fbf3238630c104c9e17d6e902986358cea5986ff)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch | 35 | ||||
| -rw-r--r-- | meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 |
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch new file mode 100644 index 0000000000..30dbccd94f --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177.patch | |||
| @@ -0,0 +1,35 @@ | |||
| 1 | From e8de4dc1f923576dce9d625caeebd93f9db697e1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Lee Howard <faxguy@howardsilvan.com> | ||
| 3 | Date: Wed, 25 Jun 2025 17:14:18 +0000 | ||
| 4 | Subject: [PATCH] Fix for thumbnail issue #715 | ||
| 5 | |||
| 6 | CVE: CVE-2025-8177 | ||
| 7 | Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/e8de4dc1f923576dce9d625caeebd93f9db697e1] | ||
| 8 | |||
| 9 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
| 10 | --- | ||
| 11 | tools/thumbnail.c | 8 ++++++++ | ||
| 12 | 1 file changed, 8 insertions(+) | ||
| 13 | |||
| 14 | diff --git a/tools/thumbnail.c b/tools/thumbnail.c | ||
| 15 | index 274705d..8960d36 100644 | ||
| 16 | --- a/tools/thumbnail.c | ||
| 17 | +++ b/tools/thumbnail.c | ||
| 18 | @@ -538,7 +538,15 @@ setrow(uint8_t* row, uint32_t nrows, const uint8_t* rows[]) | ||
| 19 | } | ||
| 20 | acc += bits[*src & mask1]; | ||
| 21 | } | ||
| 22 | + if (255 * acc / area < 256) | ||
| 23 | + { | ||
| 24 | *row++ = cmap[(255*acc)/area]; | ||
| 25 | + } | ||
| 26 | + else | ||
| 27 | + { | ||
| 28 | + fprintf(stderr, "acc=%d, area=%d\n", acc, area); | ||
| 29 | + *row++ = cmap[0]; | ||
| 30 | + } | ||
| 31 | } | ||
| 32 | } | ||
| 33 | |||
| 34 | -- | ||
| 35 | 2.40.0 | ||
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 6ff31bd0bb..4c9c212312 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | |||
| @@ -58,6 +58,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ | |||
| 58 | file://CVE-2025-8176-0001.patch \ | 58 | file://CVE-2025-8176-0001.patch \ |
| 59 | file://CVE-2025-8176-0002.patch \ | 59 | file://CVE-2025-8176-0002.patch \ |
| 60 | file://CVE-2025-8176-0003.patch \ | 60 | file://CVE-2025-8176-0003.patch \ |
| 61 | file://CVE-2025-8177.patch \ | ||
| 61 | " | 62 | " |
| 62 | 63 | ||
| 63 | SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8" | 64 | SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8" |
