← Back to branch summary

~ubuntu-branches/ubuntu/vivid/tiff/vivid-proposed

~ubuntu-branches/ubuntu/vivid/tiff/vivid-proposed

« back to all changes in this revision

Viewing changes to tools/tiff2pdf.c

Committer: Package Import Robot
Author(s): Jay Berkenbilt
Date: 2012-07-21 21:27:34 UTC
Revision ID: package-import@ubuntu.com-20120721212734-zeuspg47pcq718ob

Tags: 4.0.2-2

http://bugs.debian.org/682115

* SECURITY UPDATE: possible arbitrary code execution via heap overflow
  in tiff2pdf.  (Closes: #682115)
  - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
    tools/tiff2pdf.c.
  - CVE-2012-3401
  Changes prepared by Marc Deslauriers for Ubuntu.  Thanks!

files added:
.pc/.quilt_patches

.pc/.quilt_series

.pc/CVE-2012-3401.patch

.pc/CVE-2012-3401.patch/tools

.pc/CVE-2012-3401.patch/tools/tiff2pdf.c

debian/patches/CVE-2012-3401.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

tools/tiff2pdf.c

Show diffs side-by-side

added added

removed removed

tools/tiff2pdf.c

1066

1066

"Can't set directory %u of input file %s",

1067

1067

i,

1068

1068

TIFFFileName(input));

1069

t2p->t2p_error = T2P_ERR_ERROR;

1069

1070

return;

1070

1071

}

1071

1072

if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){

Older »