slackware-current/source/l/libtiff/tiff-3.9.7_CVE-2013-4231.diff
Patrick J Volkerding 76fc4757ac Slackware 14.1
Mon Nov  4 17:08:47 UTC 2013
Slackware 14.1 x86_64 stable is released!

It's been another interesting release cycle here at Slackware bringing
new features like support for UEFI machines, updated compilers and
development tools, the switch from MySQL to MariaDB, and many more
improvements throughout the system.  Thanks to the team, the upstream
developers, the dedicated Slackware community, and everyone else who
pitched in to help make this release a reality.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD.  Please consider supporting the Slackware
project by picking up a copy from store.slackware.com.  We're taking
pre-orders now, and offer a discount if you sign up for a subscription.

Have fun!  :-)
2018-05-31 22:57:36 +02:00

23 lines
583 B
Diff

From 5d19703933eaa59f97be9c88237fe00593f180ae Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Mon, 19 Aug 2013
Subject: CVE-2013-4231
* tools/gif2tiff.c: Be more careful about corrupt or
hostile input files (#2450, CVE-2013-4231)
---
gif2tiff.c | 2 ++
1 file changed, 2 insertions(+)
--- a/tools/gif2tiff.c 2013-08-20
+++ b/tools/gif2tiff.c 2013-08-20
@@ -329,6 +329,8 @@ readraster(void)
int status = 1;
datasize = getc(infile);
+ if (datasize > 12)
+ return 0;
clear = 1 << datasize;
eoi = clear + 1;
avail = clear + 2;