libtiff5/libtiff-3.8.2-cve_2006_2193.patch

19 lines
806 B
Diff

* SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
* Add debian/patches/tiff2pdf-octal-printf.patch:
- tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
signed char (it printed a signed integer, which overflow the buffer and
was wrong anyway).
- CVE-2006-2193
--- tiff-3.8.2/tools/tiff2pdf.c 2006-03-21 17:42:51.000000000 +0100
+++ tiff-3.8.2/tools/tiff2pdf.c.fix 2006-06-15 17:00:23.000000000 +0200
@@ -3668,7 +3668,7 @@
written += TIFFWriteFile(output, (tdata_t) "(", 1);
for (i=0;i<len;i++){
if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){
- sprintf(buffer, "\\%.3o", pdfstr[i]);
+ sprintf(buffer, "\\%.3hho", pdfstr[i]);
written += TIFFWriteFile(output, (tdata_t) buffer, 4);
} else {
switch (pdfstr[i]){