[kirkstone,08/17] tiff: patch CVE-2025-61144

Message ID	017b7ae54e55e24777a9b6033032911701b19b62.1773652940.git.yoann.congal@smile.fr
State	RFC, archived
Delegated to:	Yoann Congal
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.128.52, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/17] tiff: patch CVE-2025-61144 Date: Mon, 16 Mar 2026 10:28:27 +0100 Message-ID: <017b7ae54e55e24777a9b6033032911701b19b62.1773652940.git.yoann.congal@smile.fr> In-Reply-To: <cover.1773652940.git.yoann.congal@smile.fr> References: <cover.1773652940.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/17] libtheora: set CVE_PRODUCT \| expand [kirkstone,01/17] libtheora: set CVE_PRODUCT [kirkstone,02/17] alsa-lib: patch CVE-2026-25068 [kirkstone,03/17] gdk-pixbuf: Fix CVE-2025-6199 [kirkstone,04/17] ffmpeg: patch CVE-2025-10256 [kirkstone,05/17] inetutils: patch CVE-2026-28372 [kirkstone,06/17] busybox: patch CVE-2025-60876 [kirkstone,07/17] tiff: patch CVE-2025-61143 [kirkstone,08/17] tiff: patch CVE-2025-61144 [kirkstone,09/17] tiff: set status of CVE-2025-61145 as fixed by patch for CVE-2025-8961 [kirkstone,10/17] gtk+3: fix incompatible-pointer-types errors for native build on Fedora 41 [kirkstone,11/17] libpam: fix CVE-2024-10963 [kirkstone,12/17] libpam: re-add missing libgen include [kirkstone,13/17] lsb.py: strip ' from os-release file [kirkstone,14/17] python3-pip: Fix CVE-2026-1703 [kirkstone,15/17] scripts/install-buildtools: Update to 4.0.33 [kirkstone,16/17] libcomps: Fix libcomps-native build on GCC14 hosts (e.g. Fedora 41) [kirkstone,17/17] createrepo-c: Fix createrepo-c-native build on GCC14 hosts (e.g. Fedora 41)

Message ID

017b7ae54e55e24777a9b6033032911701b19b62.1773652940.git.yoann.congal@smile.fr

State

RFC, archived

Delegated to:

Yoann Congal

Headers

From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 08/17] tiff: patch CVE-2025-61144
Date: Mon, 16 Mar 2026 10:28:27 +0100
Message-ID: 
 <017b7ae54e55e24777a9b6033032911701b19b62.1773652940.git.yoann.congal@smile.fr>
In-Reply-To: <cover.1773652940.git.yoann.congal@smile.fr>
References: <cover.1773652940.git.yoann.congal@smile.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/17] libtheora: set CVE_PRODUCT | expand

Commit Message

Yoann Congal March 16, 2026, 9:28 a.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Pick patch from merge request mentioned in NVD report.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../libtiff/tiff/CVE-2025-61144.patch         | 27 +++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-61144.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-61144.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-61144.patch
new file mode 100644
index 00000000000..8b25cdfab9e
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-61144.patch
@@ -0,0 +1,27 @@ 
+From 88cf9dbb48f6e172629795ecffae35d5052f68aa Mon Sep 17 00:00:00 2001
+From: Lee Howard <faxguy@howardsilvan.com>
+Date: Fri, 5 Sep 2025 21:46:03 +0000
+Subject: [PATCH] tiffcrop: avoid buffer overflow
+
+Fixes #740
+
+CVE: CVE-2025-61144
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/88cf9dbb48f6e172629795ecffae35d5052f68aa]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tools/tiffcrop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index ae414efc..afa1cce5 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -3913,7 +3913,7 @@ combineSeparateSamplesBytes (unsigned char *srcbuffs[], unsigned char *out,
+     {
+     if ((dumpfile != NULL) && (level == 2))
+       {
+-      for (s = 0; s < spp; s++)
++      for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
+         {
+         dump_info (dumpfile, format, "combineSeparateSamplesBytes","Input data, Sample %"PRIu16, s);
+         dump_buffer(dumpfile, format, 1, cols, row, srcbuffs[s] + (row * src_rowsize));
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 4c2b0a800b4..02fc956c232 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -66,6 +66,7 @@  SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2025-8961.patch \
            file://CVE-2025-9165.patch \
            file://CVE-2025-61143.patch \
+           file://CVE-2025-61144.patch \
            "
 
 SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"

[kirkstone,08/17] tiff: patch CVE-2025-61144

Commit Message

Patch