meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_2.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

From c3ad38afb9986b9ddcd7d95367ded152488260cd Mon Sep 17 00:00:00 2001
From: Lee Howard <faxguy@howardsilvan.com>
Date: Mon, 23 Jun 2025 10:09:07 -0700
Subject: [PATCH 7/7] set a default value - assumes cmap[0] was not, itself,
 uninitialized

CVE: CVE-2025-8177
Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22]
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
 tools/thumbnail.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/thumbnail.c b/tools/thumbnail.c
index 432d172..110ea42 100644
--- a/tools/thumbnail.c
+++ b/tools/thumbnail.c
@@ -627,7 +627,7 @@ static void setrow(uint8_t *row, uint32_t nrows, const uint8_t *rows[])
         else
         {
             fprintf(stderr, "acc=%d, area=%d\n", acc, area);
-            row++;
+            *row++ = cmap[0];
         }
     }
 }
-- 
2.47.3