Copied from Debian From 3996fa0f84f4a8b7e65fe4b8f0681711022034ea Mon Sep 17 00:00:00 2001 From: erouault Date: Sun, 21 Dec 2014 20:04:31 +0000 Subject: [PATCH] * tools/pal2rgb.c, tools/thumbnail.c: fix crash by disabling TIFFTAG_INKNAMES copying. The right fix would be to properly copy it, but not worth the burden for those esoteric utilities. http://bugzilla.maptools.org/show_bug.cgi?id=2484 (CVE-2014-8127) --- ChangeLog | 7 +++++++ tools/pal2rgb.c | 2 +- tools/thumbnail.c | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/tools/pal2rgb.c b/tools/pal2rgb.c index bfe7899..3fc3de3 100644 --- a/tools/pal2rgb.c +++ b/tools/pal2rgb.c @@ -372,7 +372,7 @@ static struct cpTag { { TIFFTAG_CLEANFAXDATA, 1, TIFF_SHORT }, { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, TIFF_LONG }, { TIFFTAG_INKSET, 1, TIFF_SHORT }, - { TIFFTAG_INKNAMES, 1, TIFF_ASCII }, + /*{ TIFFTAG_INKNAMES, 1, TIFF_ASCII },*/ /* Needs much more complicated logic. See tiffcp */ { TIFFTAG_DOTRANGE, 2, TIFF_SHORT }, { TIFFTAG_TARGETPRINTER, 1, TIFF_ASCII }, { TIFFTAG_SAMPLEFORMAT, 1, TIFF_SHORT }, diff --git a/tools/thumbnail.c b/tools/thumbnail.c index c50bbff..73f9c34 100644 --- a/tools/thumbnail.c +++ b/tools/thumbnail.c @@ -257,7 +257,7 @@ static struct cpTag { { TIFFTAG_CLEANFAXDATA, 1, TIFF_SHORT }, { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, TIFF_LONG }, { TIFFTAG_INKSET, 1, TIFF_SHORT }, - { TIFFTAG_INKNAMES, 1, TIFF_ASCII }, + /*{ TIFFTAG_INKNAMES, 1, TIFF_ASCII },*/ /* Needs much more complicated logic. See tiffcp */ { TIFFTAG_DOTRANGE, 2, TIFF_SHORT }, { TIFFTAG_TARGETPRINTER, 1, TIFF_ASCII }, { TIFFTAG_SAMPLEFORMAT, 1, TIFF_SHORT },