File tiff-3.8.2-CVE-2011-0191.patch of Package tiff3

Index: libtiff/tif_dir.c
===================================================================
--- libtiff/tif_dir.c.orig
+++ libtiff/tif_dir.c
@@ -370,6 +370,10 @@ _TIFFVSetField(TIFF* tif, ttag_t tag, va
 	case TIFFTAG_YCBCRSUBSAMPLING:
 		td->td_ycbcrsubsampling[0] = (uint16) va_arg(ap, int);
 		td->td_ycbcrsubsampling[1] = (uint16) va_arg(ap, int);
+                if (td->td_ycbcrsubsampling[0] > 4)
+                  td->td_ycbcrsubsampling[0] = (td->td_compression == 7) ? 1 : 2;
+                if (td->td_ycbcrsubsampling[1] > 4)
+                  td->td_ycbcrsubsampling[1] = (td->td_compression == 7) ? 1 : 2;
 		break;
 	case TIFFTAG_TRANSFERFUNCTION:
 		v = (td->td_samplesperpixel - td->td_extrasamples) > 1 ? 3 : 1;

Places

File tiff-3.8.2-CVE-2011-0191.patch of Package tiff3

Places