Re: possible regressing in tiff4/libtiff3 update (deb7u1)
On Thu, 26 Jan 2017, Raphael Hertzog wrote:
> But I have currently no idea of what the problem really is. And upstream
> has not yet merge any similar change to what we have done. At least
> https://github.com/vadz/libtiff/blob/master/libtiff/tif_dirinfo.c shows
> neither PREDICTOR nor BADFAXLINES.
>
> So we are a bit on our own here.
So looking more closely, in libtiff/tif_dirwrite.c
_TIFFWriteCustomDirectory goes over the list of all know tags
and produces output for tags which are marked in tif->tif_dir.td_fieldsset
and those tags are marked by their "field_bit" attribute.
This code thus assumes that the list ok known tags only contains a single
tag per unique fip->field_bit and this is no no longer the case with
the patches we added:
- CVE-2014-8128-5-fixed.patch
- CVE-2016-5318_CVE-2015-7554.patch
I guess we have no other choice than to drop all CODEC-specific tags
from the global list of tags... and thus reopen the above CVE, at
least in part.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
Reply to: