[AutoPR- Security] Patch libtiff for CVE-2024-13978 [LOW] (microsoft#14665)

azurelinux-security · web-flow · commit 73951a65cff0 · 2025-09-15T13:54:25.000+05:30
diff --git a/SPECS/libtiff/CVE-2024-13978.patch b/SPECS/libtiff/CVE-2024-13978.patch
@@ -0,0 +1,44 @@
+From c13d9af1d963fb9a98f241622dec80833977590b Mon Sep 17 00:00:00 2001
+From: Lee Howard <faxguy@howardsilvan.com>
+Date: Sat, 5 Oct 2024 09:45:30 -0700
+Subject: [PATCH] Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH for valid
+ input, addresses issue #650
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4.patch
+---
+ tools/unsupported/tiff2pdf.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/tools/unsupported/tiff2pdf.c b/tools/unsupported/tiff2pdf.c
+index 1dbdc87..9ab4a9b 100644
+--- a/tools/unsupported/tiff2pdf.c
++++ b/tools/unsupported/tiff2pdf.c
+@@ -1337,8 +1337,24 @@ void t2p_read_tiff_init(T2P *t2p, TIFF *input)
+             t2p->pdf_xrefcount += (t2p->tiff_tiles[i].tiles_tilecount - 1) * 2;
+             TIFFGetField(input, TIFFTAG_TILEWIDTH,
+                          &(t2p->tiff_tiles[i].tiles_tilewidth));
++            if (t2p->tiff_tiles[i].tiles_tilewidth < 1)
++            {
++                TIFFError(TIFF2PDF_MODULE, "Invalid tile width (%d), %s",
++                          t2p->tiff_tiles[i].tiles_tilewidth,
++                          TIFFFileName(input));
++                t2p->t2p_error = T2P_ERR_ERROR;
++                return;
++            }
+             TIFFGetField(input, TIFFTAG_TILELENGTH,
+                          &(t2p->tiff_tiles[i].tiles_tilelength));
++            if (t2p->tiff_tiles[i].tiles_tilelength < 1)
++            {
++                TIFFError(TIFF2PDF_MODULE, "Invalid tile length (%d), %s",
++                          t2p->tiff_tiles[i].tiles_tilelength,
++                          TIFFFileName(input));
++                t2p->t2p_error = T2P_ERR_ERROR;
++                return;
++            }
+             t2p->tiff_tiles[i].tiles_tiles = (T2P_TILE *)_TIFFmalloc(
+                 TIFFSafeMultiply(tmsize_t, t2p->tiff_tiles[i].tiles_tilecount,
+                                  sizeof(T2P_TILE)));
+-- 
+2.45.4
+
diff --git a/SPECS/libtiff/libtiff.spec b/SPECS/libtiff/libtiff.spec
@@ -1,7 +1,7 @@
 Summary:        TIFF libraries and associated utilities.
 Name:           libtiff
 Version:        4.6.0
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        libtiff
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -18,6 +18,7 @@ Patch6:         CVE-2025-8177.patch
 Patch7:         CVE-2025-8176.patch
 Patch8:         CVE-2025-8851.patch
 Patch9:         CVE-2025-9165.patch
+Patch10:        CVE-2024-13978.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -74,6 +75,9 @@ make %{?_smp_mflags} -k check
 %exclude %{_docdir}/tiff-%{version}/LICENSE.md
 
 %changelog
+* Fri Sep 12 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 4.6.0-9
+- Patch for CVE-2024-13978
+
 * Thu Aug 21 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 4.6.0-8
 - Patch for CVE-2025-9165, CVE-2025-8851
 
