[AUTO-CHERRYPICK] Fix CVE-2023-3164 in libtiff for 2.0 - branch main (#12486)

CBL-Mariner-Bot · bhagyapathak · web-flow · commit 5bd229a6b91e · 2025-02-25T11:36:49.000-05:00
Co-authored-by: bhagyapathak &lt;bhagyapathak@users.noreply.github.com&gt;
diff --git a/SPECS/libtiff/CVE-2023-3164.patch b/SPECS/libtiff/CVE-2023-3164.patch
@@ -0,0 +1,30 @@
+From 7ec6f53745ab6331382e59373ffd980b38a378f0 Mon Sep 17 00:00:00 2001
+From: Lee Howard <faxguy@howardsilvan.com>
+Date: Wed, 13 Mar 2024 10:06:21 -0700
+Subject: [PATCH] fix tiffcrop issues #552, #550, and #542
+
+---
+ archive/tools/tiffcrop.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/archive/tools/tiffcrop.c b/archive/tools/tiffcrop.c
+index 95983479c..3d837d269 100644
+--- a/archive/tools/tiffcrop.c
++++ b/archive/tools/tiffcrop.c
+@@ -7766,6 +7766,14 @@ static int extractImageSection(struct image_data *image,
+         (sect_width * spp * bps) %
+         8; /* trailing bits within the last byte of destination buffer */
+ 
++    /* Check to make sure that we've got enough buffer.
++     */
++    if ((last_row - first_row) * img_rowsize > full_bytes)
++    {
++        printf("The source image data is too small.\n");
++        return(-1);
++    }
++
+ #ifdef DEVELMODE
+     TIFFError("",
+               "First row: %" PRIu32 ", last row: %" PRIu32
+-- 
+
diff --git a/SPECS/libtiff/libtiff.spec b/SPECS/libtiff/libtiff.spec
@@ -1,7 +1,7 @@
 Summary:        TIFF libraries and associated utilities.
 Name:           libtiff
 Version:        4.6.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        libtiff
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -11,6 +11,7 @@ Source0:        https://gitlab.com/libtiff/libtiff/-/archive/v%{version}/libtiff
 Patch0:         CVE-2023-52356.patch
 Patch1:         CVE-2024-7006.patch
 Patch2:         CVE-2023-6277.patch
+Patch3:         CVE-2023-3164.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libjpeg-turbo-devel
@@ -63,6 +64,9 @@ make %{?_smp_mflags} -k check
 %{_docdir}/*
 
 %changelog
+* Thu Jan 16 2025 Bhagyashri Pathak <bhapathak@microsoft.com> - 4.6.0-5
+- Add patch to resolve CVE-2023-3164
+
 * Mon Aug 19 2024 Sumedh Sharma <sumsharma@microsoft.com> - 4.6.0-4
 - Add patch to resolve CVE-2023-6277
 
