1 files changed, 34 insertions, 0 deletions

diff --git a/gnu/packages/patches/libtiff-CVE-2016-10094.patch b/gnu/packages/patches/libtiff-CVE-2016-10094.patch
new file mode 100644
index 0000000000..9018773565
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2016-10094.patch
@@ -0,0 +1,34 @@
+Fix CVE-2016-10094:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2640
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094
+https://security-tracker.debian.org/tracker/CVE-2016-10094
+
+2016-12-20 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiff2pdf.c: avoid potential heap-based overflow in
+        t2p_readwrite_pdf_image_tile().
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1199; previous revision: 1.1198
+/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v  <--  tools/tiff2pdf.c
+new revision: 1.101; previous revision: 1.100
+
+Index: libtiff/tools/tiff2pdf.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
+retrieving revision 1.100
+retrieving revision 1.101
+diff -u -r1.100 -r1.101
+--- libtiff/tools/tiff2pdf.c	20 Dec 2016 17:24:35 -0000	1.100
++++ libtiff/tools/tiff2pdf.c	20 Dec 2016 17:28:17 -0000	1.101
+@@ -2895,7 +2895,7 @@
+ 				return(0);
+ 			}
+ 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
+-				if (count >= 4) {
++				if (count > 4) {
+                                         int retTIFFReadRawTile;
+                     /* Ignore EOI marker of JpegTables */
+ 					_TIFFmemcpy(buffer, jpt, count - 2);