[kirkstone,07/17] tiff: patch CVE-2025-61143

Message ID	944f481d214bebeaf51769d77fe16cd93cbff351.1773652940.git.yoann.congal@smile.fr
State	RFC, archived
Delegated to:	Yoann Congal
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.128.48, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/17] tiff: patch CVE-2025-61143 Date: Mon, 16 Mar 2026 10:28:26 +0100 Message-ID: <944f481d214bebeaf51769d77fe16cd93cbff351.1773652940.git.yoann.congal@smile.fr> In-Reply-To: <cover.1773652940.git.yoann.congal@smile.fr> References: <cover.1773652940.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/17] libtheora: set CVE_PRODUCT \| expand [kirkstone,01/17] libtheora: set CVE_PRODUCT [kirkstone,02/17] alsa-lib: patch CVE-2026-25068 [kirkstone,03/17] gdk-pixbuf: Fix CVE-2025-6199 [kirkstone,04/17] ffmpeg: patch CVE-2025-10256 [kirkstone,05/17] inetutils: patch CVE-2026-28372 [kirkstone,06/17] busybox: patch CVE-2025-60876 [kirkstone,07/17] tiff: patch CVE-2025-61143 [kirkstone,08/17] tiff: patch CVE-2025-61144 [kirkstone,09/17] tiff: set status of CVE-2025-61145 as fixed by patch for CVE-2025-8961 [kirkstone,10/17] gtk+3: fix incompatible-pointer-types errors for native build on Fedora 41 [kirkstone,11/17] libpam: fix CVE-2024-10963 [kirkstone,12/17] libpam: re-add missing libgen include [kirkstone,13/17] lsb.py: strip ' from os-release file [kirkstone,14/17] python3-pip: Fix CVE-2026-1703 [kirkstone,15/17] scripts/install-buildtools: Update to 4.0.33 [kirkstone,16/17] libcomps: Fix libcomps-native build on GCC14 hosts (e.g. Fedora 41) [kirkstone,17/17] createrepo-c: Fix createrepo-c-native build on GCC14 hosts (e.g. Fedora 41)

Message ID

944f481d214bebeaf51769d77fe16cd93cbff351.1773652940.git.yoann.congal@smile.fr

State

RFC, archived

Delegated to:

Yoann Congal

Headers

From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 07/17] tiff: patch CVE-2025-61143
Date: Mon, 16 Mar 2026 10:28:26 +0100
Message-ID: 
 <944f481d214bebeaf51769d77fe16cd93cbff351.1773652940.git.yoann.congal@smile.fr>
In-Reply-To: <cover.1773652940.git.yoann.congal@smile.fr>
References: <cover.1773652940.git.yoann.congal@smile.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/17] libtheora: set CVE_PRODUCT | expand

Commit Message

Yoann Congal March 16, 2026, 9:28 a.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Pick patch from merge request mentioned in NVD report.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../libtiff/tiff/CVE-2025-61143.patch         | 44 +++++++++++++++++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-61143.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-61143.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-61143.patch
new file mode 100644
index 00000000000..ed0438fec97
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-61143.patch
@@ -0,0 +1,44 @@ 
+From 4d28af5fe61b1760f10981f5072ff1e6fd44f210 Mon Sep 17 00:00:00 2001
+From: Lee Howard <faxguy@howardsilvan.com>
+Date: Fri, 5 Sep 2025 21:44:49 +0000
+Subject: [PATCH] tiffcrop: avoid nullptr dereference
+
+Fixes #734
+
+CVE: CVE-2025-61143
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/4d28af5fe61b1760f10981f5072ff1e6fd44f210]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tools/tiffcrop.c   | 2 +-
+ tools/tiffdither.c | 5 +++++
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index ae414efc..1cbb49b6 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -2561,7 +2561,7 @@ main(int argc, char* argv[])
+ 
+     if (dump.outfile != NULL)
+       {
+-      dump_info (dump.outfile, dump.format, "", "Completed run for %s", TIFFFileName(out));
++      dump_info (dump.outfile, dump.format, "", "Completed run for %s", out ? TIFFFileName(out) : "(not opened)");
+       fclose (dump.outfile);
+       }
+     }
+diff --git a/tools/tiffdither.c b/tools/tiffdither.c
+index 3c64fdc0..405527c7 100644
+--- a/tools/tiffdither.c
++++ b/tools/tiffdither.c
+@@ -84,6 +84,11 @@ fsdither(TIFF* in, TIFF* out)
+ 	    fprintf(stderr, "Out of memory.\n");
+ 	    goto skip_on_error;
+ 	}
++	if (imagewidth > TIFFScanlineSize(in))
++	{
++	    fprintf(stderr, "Image width exceeds scanline size.\n");
++	    goto skip_on_error;
++	}
+ 
+ 	/*
+ 	 * Get first line
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 84c3028b458..4c2b0a800b4 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -65,6 +65,7 @@  SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2025-9900.patch \
            file://CVE-2025-8961.patch \
            file://CVE-2025-9165.patch \
+           file://CVE-2025-61143.patch \
            "
 
 SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"

[kirkstone,07/17] tiff: patch CVE-2025-61143

Commit Message

Patch