From: Peter Marko <[email protected]> Pick patch from merge request mentioned in NVD report.
Signed-off-by: Peter Marko <[email protected]> --- .../libtiff/tiff/CVE-2025-61143.patch | 44 +++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-61143.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-61143.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-61143.patch new file mode 100644 index 00000000000..ed0438fec97 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-61143.patch @@ -0,0 +1,44 @@ +From 4d28af5fe61b1760f10981f5072ff1e6fd44f210 Mon Sep 17 00:00:00 2001 +From: Lee Howard <[email protected]> +Date: Fri, 5 Sep 2025 21:44:49 +0000 +Subject: [PATCH] tiffcrop: avoid nullptr dereference + +Fixes #734 + +CVE: CVE-2025-61143 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/4d28af5fe61b1760f10981f5072ff1e6fd44f210] +Signed-off-by: Peter Marko <[email protected]> +--- + tools/tiffcrop.c | 2 +- + tools/tiffdither.c | 5 +++++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c +index ae414efc..1cbb49b6 100644 +--- a/tools/tiffcrop.c ++++ b/tools/tiffcrop.c +@@ -2561,7 +2561,7 @@ main(int argc, char* argv[]) + + if (dump.outfile != NULL) + { +- dump_info (dump.outfile, dump.format, "", "Completed run for %s", TIFFFileName(out)); ++ dump_info (dump.outfile, dump.format, "", "Completed run for %s", out ? TIFFFileName(out) : "(not opened)"); + fclose (dump.outfile); + } + } +diff --git a/tools/tiffdither.c b/tools/tiffdither.c +index 3c64fdc0..405527c7 100644 +--- a/tools/tiffdither.c ++++ b/tools/tiffdither.c +@@ -84,6 +84,11 @@ fsdither(TIFF* in, TIFF* out) + fprintf(stderr, "Out of memory.\n"); + goto skip_on_error; + } ++ if (imagewidth > TIFFScanlineSize(in)) ++ { ++ fprintf(stderr, "Image width exceeds scanline size.\n"); ++ goto skip_on_error; ++ } + + /* + * Get first line diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 84c3028b458..4c2b0a800b4 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -65,6 +65,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2025-9900.patch \ file://CVE-2025-8961.patch \ file://CVE-2025-9165.patch \ + file://CVE-2025-61143.patch \ " SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#232669): https://lists.openembedded.org/g/openembedded-core/message/232669 Mute This Topic: https://lists.openembedded.org/mt/118211977/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
