File: 0042-2-2-CVE-2021-3610-eliminate-heap-buffer-overflow-vul.patch

package info
imagemagick 8:6.9.11.60+dfsg-1.6+deb12u3
  • area: main
  • in suites: bookworm
  • size: 76,816 kB
  • sloc: ansic: 349,503; cpp: 21,804; xml: 11,029; perl: 6,417; sh: 5,877; makefile: 3,042; tcl: 459
file content (28 lines) | stat: -rw-r--r-- 1,087 bytes
From: Cristy <mikayla-grace@urban-warrior.org>
Date: Sun, 30 May 2021 20:57:18 -0400
Subject: [2/2] CVE-2021-3610 eliminate heap buffer overflow vulnerability in
 TIFF coder

Thanks to ZhangJiaxing (@r0fm1a) from Codesafe Team of Legendsec at Qi'anxin Group

bug: https://github.com/ImageMagick/ImageMagick6/issues/244
origin: https://github.com/ImageMagick/ImageMagick6/commit/b307bcadcdf6ea6819951ac1786b7904f27b25c6.patch
bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2021-3610
(cherry picked from commit c75ae771a00c38b757c5ef4b424b51e761b02552)
---
 coders/tiff.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/coders/tiff.c b/coders/tiff.c
index 3927224..1c84442 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1872,7 +1872,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
         /*
           Convert stripped TIFF image.
         */
-        extent=4*TIFFStripSize(tiff);
+        extent=(samples_per_pixel+1)*TIFFStripSize(tiff);
 #if defined(TIFF_VERSION_BIG)
         extent+=image->columns*sizeof(uint64);
 #else
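Review bot: The product in `extent=(samples_per_pixel+1)*TIFFStripSize(tiff);` has no visible overflow guard and no lower bound, and the `+1` is undocumented. If samples_per_pixel is read from the TIFF being decoded, a large value can wrap the multiplication before the `extent+=image->columns*sizeof(...)` lines add to it, and for images with 1 or 2 samples per pixel the buffer is now smaller than the previous `4*TIFFStripSize(tiff)`. Please confirm that no consumer of the strip buffer still assumes four channels, consider keeping 4 as a minimum multiplier, check the multiplication for overflow before the allocation, and extend the "Convert stripped TIFF image." comment to say what the extra sample accounts for.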