Dear maintainer,

when I compare the corrupt files with the correct files, I see that the
predictor tag is not set correctly.

I have compared the TIFFTAG_PREDICTOR which was changed in the
CVE-2014-8128-5 patch with the one in the current libtiff (version
4.0.7). In the current version, the category of the tag was changed from
FIELD_CUSTOM to FIELD_CODEC+0.

Please find the attached patch which corrects the tag category in
the Debian version.

To test the patch, download any ppm file, and convert it with
ppm2tiff -c lzw:2 infile.ppm outfile.tif
and look at outfile.tif with any image viewer.
The current Debian libtiff will create a corrupted file, whereas the
patched libtiff will create a correct file.
 (You do not have to use ppm2tiff. All images created by gimp,
 imagemagick, any libtiff-tool, or anything that uses libtiff are
 corrupted.)

You can check that the predictor is now corrected with
tiffinfo outfile.tif
The corrupted file will not show any Predictor.
The corrected file will show "Predictor: horizontal differencing 2
(0x2)".

Please let me know if you have any remarks regarding the patch.
This should also fix the bugs #787966 and #786910.

Kind regards,
Tobias Lippert
diff -Nru tiff-4.0.3/debian/changelog tiff-4.0.3/debian/changelog
--- tiff-4.0.3/debian/changelog 2017-03-17 08:58:16.000000000 +0100
+++ tiff-4.0.3/debian/changelog 2017-01-12 22:35:57.000000000 +0100
@@ -1,10 +1,3 @@
-tiff (4.0.3-12.3+deb8u2.1) UNRELEASED; urgency=medium
-
-  * Fix a regression introduced by patch CVE-2014-8128-5 where enabling
-    compression of tif files results in corrupt files.
-
- -- Tobias Lippert <lippertto_...@fastmail.com>  Fri, 17 Mar 2017 08:55:33 
+0100
-
 tiff (4.0.3-12.3+deb8u2) jessie-security; urgency=high
 
   * Backport fix for the following vulnerabilities:
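Review bot: The new 4.0.3-12.3+deb8u2.1 changelog stanza at the top of this hunk appears as removed lines, and the `---` side carries the later timestamp (2017-03-17) while the `+++` side carries 2017-01-12, so the debdiff looks generated with the old and new trees swapped. Please regenerate it old-to-new so the stanza and the new patch show up as additions. The stanza could also close the two bugs named in the mail, for example by appending "(Closes: #787966, #786910)" to the entry.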
diff -Nru tiff-4.0.3/debian/patches/CVE-2014-8128-6.patch 
tiff-4.0.3/debian/patches/CVE-2014-8128-6.patch
--- tiff-4.0.3/debian/patches/CVE-2014-8128-6.patch     2017-03-17 
09:04:24.000000000 +0100
+++ tiff-4.0.3/debian/patches/CVE-2014-8128-6.patch     1970-01-01 
01:00:00.000000000 +0100
@@ -1,13 +0,0 @@
-Index: tiff-4.0.3/libtiff/tif_dirinfo.c
-===================================================================
---- tiff-4.0.3.orig/libtiff/tif_dirinfo.c
-+++ tiff-4.0.3/libtiff/tif_dirinfo.c
-@@ -142,7 +142,7 @@ tiffFields[] = {
-       { TIFFTAG_STONITS, 1, 1, TIFF_DOUBLE, 0, TIFF_SETGET_DOUBLE, 
TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "StoNits", NULL },
-       { TIFFTAG_INTEROPERABILITYIFD, 1, 1, TIFF_IFD8, 0, 
TIFF_SETGET_UNDEFINED, TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, 
"InteroperabilityIFDOffset", NULL },
-       { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, 1, TIFF_LONG, 0, 
TIFF_SETGET_UINT32, TIFF_SETGET_UINT32, FIELD_CUSTOM, TRUE, FALSE, 
"ConsecutiveBadFaxLines", NULL },
--        { TIFFTAG_PREDICTOR, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, 
TIFF_SETGET_UINT16, FIELD_CUSTOM, FALSE, FALSE, "Predictor", NULL },
-+        { TIFFTAG_PREDICTOR, 1, 1, TIFF_SHORT, 0, TIFF_SETGET_UINT16, 
TIFF_SETGET_UINT16, (FIELD_CODEC+0), FALSE, FALSE, "Predictor", NULL },
-       /* begin DNG tags */
-       { TIFFTAG_DNGVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, 
TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGVersion", NULL },
-       { TIFFTAG_DNGBACKWARDVERSION, 4, 4, TIFF_BYTE, 0, TIFF_SETGET_C0_UINT8, 
TIFF_SETGET_UNDEFINED, FIELD_CUSTOM, 0, 0, "DNGBackwardVersion", NULL },
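Review bot: CVE-2014-8128-6.patch begins directly at the `Index:` line with no description header, so nothing in the file records that the one-line change of TIFFTAG_PREDICTOR from FIELD_CUSTOM to (FIELD_CODEC+0) repairs a regression from CVE-2014-8128-5 rather than fixing a vulnerability. Suggest adding a short header above `Index:` with a description, the origin of the change (the mail points at libtiff 4.0.7) and the Debian bug numbers.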
diff -Nru tiff-4.0.3/debian/patches/series tiff-4.0.3/debian/patches/series
--- tiff-4.0.3/debian/patches/series    2017-03-17 09:02:01.000000000 +0100
+++ tiff-4.0.3/debian/patches/series    2017-01-12 22:35:57.000000000 +0100
@@ -42,4 +42,3 @@
 CVE-2016-10092.patch
 CVE-2016-10093.patch
 CVE-2016-10094.patch
-CVE-2014-8128-6.patch
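Review bot: The series entry name CVE-2014-8128-6.patch reads as a sixth part of the security fix, while the changelog stanza describes it as a fix for a regression introduced by CVE-2014-8128-5. A file name that says so would make the series list easier to audit later; the position at the end of the list, after CVE-2016-10094.patch, looks fine.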

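The tiffinfo check described in the mail, written as a scriptable regression test. This is an added example, not part of the original mail or of libtiff; the function names are hypothetical and the sample files are constructed in memory (IFD only, no pixel data). It reads the first IFD of a classic TIFF and compares the recorded Predictor tag with the value requested at encode time (2 for `-c lzw:2`).

```python
import struct

TIFFTAG_COMPRESSION, TIFFTAG_PREDICTOR = 259, 317   # tag numbers from the TIFF 6.0 spec
TYPE_SHORT, TYPE_LONG = 3, 4

def read_ifd0(data):
    """Return {tag: value} for the single-value SHORT/LONG entries of the first IFD."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF file")
    e = "<" if data[:2] == b"II" else ">"            # byte order mark
    magic, ifd = struct.unpack_from(e + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a classic TIFF (BigTIFF is not handled here)")
    if ifd + 2 > len(data):
        raise ValueError("IFD offset outside file")
    (count,) = struct.unpack_from(e + "H", data, ifd)
    tags = {}
    for i in range(count):
        pos = ifd + 2 + 12 * i                       # each IFD entry is 12 bytes
        if pos + 12 > len(data):
            raise ValueError("truncated IFD")
        tag, typ, n = struct.unpack_from(e + "HHI", data, pos)
        if n == 1 and typ in (TYPE_SHORT, TYPE_LONG):
            fmt = "H" if typ == TYPE_SHORT else "I"  # value is stored inline
            (tags[tag],) = struct.unpack_from(e + fmt, data, pos + 8)
    return tags

def effective_predictor(data):
    """Predictor a reader will apply: the tag value, or 1 (none) when the tag is absent."""
    return read_ifd0(data).get(TIFFTAG_PREDICTOR, 1)

def matches_request(data, requested):
    """True when the file records the predictor that was requested at encode time."""
    return effective_predictor(data) == requested

def make_sample(predictor):
    """Constructed little-endian TIFF holding only an IFD (no pixel data)."""
    entries = [(TIFFTAG_COMPRESSION, 5)]             # 5 = LZW
    if predictor is not None:
        entries.append((TIFFTAG_PREDICTOR, predictor))
    body = b"".join(struct.pack("<HHIHH", t, TYPE_SHORT, 1, v, 0) for t, v in entries)
    return b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", len(entries)) + body + b"\0" * 4

if __name__ == "__main__":
    for label, pred in (("tag written", 2), ("tag missing", None)):
        sample = make_sample(pred)
        print(label, effective_predictor(sample), matches_request(sample, 2))
```

On a real file, pass the bytes of outfile.tif to `matches_request(data, 2)`; a file written without the Predictor tag reports the default of 1 and fails the check.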