19 lines
806 B
Diff
19 lines
806 B
Diff
* SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
|
|
* Add debian/patches/tiff2pdf-octal-printf.patch:
|
|
- tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
|
|
signed char (it printed a signed integer, which overflow the buffer and
|
|
was wrong anyway).
|
|
- CVE-2006-2193
|
|
|
|
--- tiff-3.8.2/tools/tiff2pdf.c 2006-03-21 17:42:51.000000000 +0100
|
|
+++ tiff-3.8.2/tools/tiff2pdf.c.fix 2006-06-15 17:00:23.000000000 +0200
|
|
@@ -3668,7 +3668,7 @@
|
|
written += TIFFWriteFile(output, (tdata_t) "(", 1);
|
|
for (i=0;i<len;i++){
|
|
if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
|
|
- sprintf(buffer, "\\%.3o", pdfstr[i]);
|
|
+ sprintf(buffer, "\\%.3hho", pdfstr[i]);
|
|
written += TIFFWriteFile(output, (tdata_t) buffer, 4);
|
|
} else {
|
|
switch (pdfstr[i]){
|