Patch libtiff for CVE-2025-8534

azurelinux-security · azurelinux-security · commit 1c5ebeea54e5 · 2025-08-05T17:24:33.000Z
diff --git a/SPECS/libtiff/CVE-2025-8534.patch b/SPECS/libtiff/CVE-2025-8534.patch
@@ -0,0 +1,57 @@
+From 181b242df620a164fa9ee669c6f77bd53661130f Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 2 Aug 2025 18:55:54 +0200
+Subject: [PATCH] tiff2ps: check return of TIFFGetFiled() for
+ TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer
+ dereference.
+
+Closes #718
+---
+ tools/unsupported/tiff2ps.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/tools/unsupported/tiff2ps.c b/tools/unsupported/tiff2ps.c
+index 541495d..d6a54b4 100644
+--- a/tools/unsupported/tiff2ps.c
++++ b/tools/unsupported/tiff2ps.c
+@@ -2432,12 +2432,22 @@ int PS_Lvl2page(FILE *fd, TIFF *tif, uint32_t w, uint32_t h)
+     if (tiled_image)
+     {
+         num_chunks = TIFFNumberOfTiles(tif);
+-        TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc);
++        if (!TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc))
++        {
++            TIFFError(filename,
++                      "Can't read bytecounts of tiles at PS_Lvl2page()");
++            return (FALSE);
++        }
+     }
+     else
+     {
+         num_chunks = TIFFNumberOfStrips(tif);
+-        TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
++        if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
++        {
++            TIFFError(filename,
++                      "Can't read bytecounts of strips at PS_Lvl2page()");
++            return (FALSE);
++        }
+     }
+ 
+     if (use_rawdata)
+@@ -3107,7 +3117,11 @@ void PSRawDataBW(FILE *fd, TIFF *tif, uint32_t w, uint32_t h)
+     (void)w;
+     (void)h;
+     TIFFGetFieldDefaulted(tif, TIFFTAG_FILLORDER, &fillorder);
+-    TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
++    if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
++    {
++        TIFFError(filename, "Can't read bytecounts of strips at PSRawDataBW()");
++        return;
++    }
+ 
+     /*
+      * Find largest strip:
+-- 
+2.45.4
+
diff --git a/SPECS/libtiff/libtiff.spec b/SPECS/libtiff/libtiff.spec
@@ -1,7 +1,7 @@
 Summary:        TIFF libraries and associated utilities.
 Name:           libtiff
 Version:        4.6.0
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        libtiff
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -13,6 +13,7 @@ Patch1:         CVE-2023-6277.patch
 Patch2:         CVE-2024-7006.patch
 Patch3:         CVE-2023-3164.patch
 Patch4:         CVE-2023-6228.patch
+Patch5:         CVE-2025-8534.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -66,6 +67,9 @@ make %{?_smp_mflags} -k check
 %{_docdir}/*
 
 %changelog
+* Tue Aug 05 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 4.6.0-7
+- Patch for CVE-2025-8534
+
 * Mon Feb 03 2025 Ankita Pareek <ankitapareek@microsoft.com> - 4.6.0-6
 - Address CVE-2023-6228 with a patch
 
