
Re: possible regressing in tiff4/libtiff3 update (deb7u1)

On Thu, 26 Jan 2017, Raphael Hertzog wrote:
> But I have currently no idea of what the problem really is. And upstream
> has not yet merged any similar change to what we have done. At least
> https://github.com/vadz/libtiff/blob/master/libtiff/tif_dirinfo.c shows
> So we are a bit on our own here.

So looking more closely, in libtiff/tif_dirwrite.c
_TIFFWriteCustomDirectory goes over the list of all known tags
and produces output for tags which are marked in tif->tif_dir.td_fieldsset
and those tags are marked by their "field_bit" attribute.

This code thus assumes that the list of known tags only contains a single
tag per unique fip->field_bit and this is no longer the case with
the patches we added:
- CVE-2014-8128-5-fixed.patch
- CVE-2016-5318_CVE-2015-7554.patch

I guess we have no other choice than to drop all CODEC-specific tags
from the global list of tags... and thus reopen the above CVE, at
least in part.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
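
A simplified C model of the behaviour described in the message above, added here as an illustration; it is not libtiff code and not part of the original mail. The struct, the function names, the two tag tables and the bit values are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a tag table entry (not libtiff's TIFFField). */
struct field { uint32_t tag; unsigned bit; };

/* Constructed table: two codec-specific tags share one field_bit. */
static const struct field merged[] = {
    {256, 1},   /* ImageWidth */
    {326, 10},  /* BadFaxLines, codec-specific */
    {347, 10},  /* JPEGTables, codec-specific, same bit */
};
/* Constructed table: only the active codec's tag is listed. */
static const struct field per_codec[] = { {256, 1}, {347, 10} };

/* Model of the writer loop: emit every listed tag whose bit is set. */
static size_t write_directory(const struct field *f, size_t n,
                              uint64_t fieldsset, uint32_t *out)
{
    size_t written = 0;
    for (size_t i = 0; i < n; i++)
        if (fieldsset & (UINT64_C(1) << f[i].bit))
            out[written++] = f[i].tag;
    return written;
}

/* Count pairs of different tags that map to the same field_bit. */
static size_t count_bit_collisions(const struct field *f, size_t n)
{
    size_t pairs = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (f[i].bit == f[j].bit && f[i].tag != f[j].tag)
                pairs++;
    return pairs;
}

int main(void)
{
    uint32_t out[8];
    /* The application set ImageWidth and JPEGTables only. */
    uint64_t set = (UINT64_C(1) << 1) | (UINT64_C(1) << 10);
    printf("merged: %zu tags written\n", write_directory(merged, 3, set, out));
    printf("per-codec: %zu tags written\n", write_directory(per_codec, 2, set, out));
    printf("collisions in merged list: %zu\n", count_bit_collisions(merged, 3));
    return 0;
}
```

With the merged table the model writes tag 326 even though only 256 and 347 were set, because 326 and 347 share a bit.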
