On Thu, 26 Jan 2017, Raphael Hertzog wrote:
> But I have currently no idea of what the problem really is. And upstream
> has not yet merged any similar change to what we have done. At least
> https://github.com/vadz/libtiff/blob/master/libtiff/tif_dirinfo.c shows
> neither PREDICTOR nor BADFAXLINES.
>
> So we are a bit on our own here.

So looking more closely, in libtiff/tif_dirwrite.c _TIFFWriteCustomDirectory
goes over the list of all known tags and produces output for tags which are
marked in tif->tif_dir.td_fieldsset and those tags are marked by their
"field_bit" attribute.

This code thus assumes that the list of known tags only contains a single tag
per unique fip->field_bit and this is no longer the case with the patches
we added:
- CVE-2014-8128-5-fixed.patch
- CVE-2016-5318_CVE-2015-7554.patch

I guess we have no other choice than to drop all CODEC-specific tags from the
global list of tags... and thus reopen the above CVE, at least in part.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
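
The behaviour described in the message above, as an added example that is not part of the original e-mail and is not libtiff code: a simplified C model of a writer loop that emits every known tag whose field bit is set, plus a check for table entries that share a bit. The struct, the function names and the bit numbers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified model, NOT libtiff's real structures: each known tag names
 * the bit that marks it as present in the directory's "fields set" mask. */
struct field { uint32_t tag; unsigned bit; const char *name; };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed tables. In `merged`, two codec-specific tags share one bit,
 * the situation the message describes; `split` keeps one tag per bit. */
static const struct field merged[] = {
    {259, 7, "COMPRESSION"}, {317, 66, "PREDICTOR"}, {326, 66, "BADFAXLINES"} };
static const struct field split[] = {
    {259, 7, "COMPRESSION"}, {317, 66, "PREDICTOR"} };

/* Writer loop as described: walk every known tag and emit those whose bit
 * is set in the mask. Returns how many tags were written to out[]. */
size_t emit_tags(const struct field *tbl, size_t n, const uint32_t *set,
                 uint32_t *out, size_t cap)
{
    size_t k = 0;
    for (size_t i = 0; i < n && k < cap; i++)
        if ((set[tbl[i].bit / 32] >> (tbl[i].bit % 32)) & 1u)
            out[k++] = tbl[i].tag;
    return k;
}

/* Consistency check: number of table-entry pairs that share a bit. */
size_t bit_collisions(const struct field *tbl, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            c += (tbl[i].bit == tbl[j].bit);
    return c;
}

/* One field was set (bit 66 only), so exactly one tag should come out. */
size_t emitted_with_bit66(const struct field *tbl, size_t n)
{
    uint32_t out[8], set[4] = { 0, 0, 1u << (66 % 32), 0 };
    return emit_tags(tbl, n, set, out, 8);
}

int main(void)
{
    printf("merged: %zu emitted\n", emitted_with_bit66(merged, COUNT(merged)));
    printf("split:  %zu emitted\n", emitted_with_bit66(split, COUNT(split)));
    return 0;
}
```

Running a check like `bit_collisions` over a tag table when patches add entries to it catches this class of regression before a written file shows it.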