Description: fix denial of service and possible code execution via PixarLog compression format
Origin: upstream, tif_pixarlog.c,v 1.37, tif_pixarlog.c,v 1.38
Index: tiff-3.9.5/libtiff/tif_pixarlog.c
===================================================================
--- tiff-3.9.5.orig/libtiff/tif_pixarlog.c 2010-06-08 14:50:42.000000000 -0400
+++ tiff-3.9.5/libtiff/tif_pixarlog.c 2012-11-14 11:28:44.947853589 -0500
@@ -663,7 +663,7 @@
 td->td_rowsperstrip), sizeof(uint16));
 if (tbuf_size == 0)
 return (0);
- sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
+ sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size+sizeof(uint16)*sp->stride);
 if (sp->tbuf == NULL)
 return (0);
 if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
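Review bot: The padding term `sizeof(uint16)*sp->stride` is added inside the `_TIFFmalloc` argument with no overflow check, although the `if (tbuf_size == 0) return (0);` guard just above suggests `tbuf_size` itself comes from a checked product that yields 0 on overflow. If the sum wraps, or is narrowed by the allocator's parameter type, the buffer could come out smaller than the decode path assumes, so the addition should be range-checked before the allocation and fail with `return (0);` like the existing guard. The allocation also does not say why one extra stride is needed; a comment such as `/* one extra stride of slack, presumably for input that ends mid-stride */` would keep a later cleanup from removing it. The enclosing function starts and ends outside the hunk, so whether the decode loop separately bounds its writes against the buffer size cannot be confirmed from here.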