new file mode 100644
@@ -0,0 +1,29 @@
+CVE: CVE-2022-48281
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 97d65859bc29ee334012e9c73022d8a8e55ed586 Mon Sep 17 00:00:00 2001
+From: Su Laus <sulau@freenet.de>
+Date: Sat, 21 Jan 2023 15:58:10 +0000
+Subject: [PATCH] tiffcrop: Correct simple copy paste error. Fix #488.
+
+---
+ tools/tiffcrop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
+index 14fa18da..7db69883 100644
+--- a/tools/tiffcrop.c
++++ b/tools/tiffcrop.c
+@@ -8591,7 +8591,7 @@ static int processCropSelections(struct image_data *image,
+ cropsize + NUM_BUFF_OVERSIZE_BYTES);
+ else
+ {
+- prev_cropsize = seg_buffs[0].size;
++ prev_cropsize = seg_buffs[i].size;
+ if (prev_cropsize < cropsize)
+ {
+ next_buff = _TIFFrealloc(
+--
+GitLab
+
@@ -8,7 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3"
CVE_PRODUCT = "libtiff"
-SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz"
+SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
+ file://CVE-2022-48281.patch"
SRC_URI[sha256sum] = "c7a1d9296649233979fa3eacffef3fa024d73d05d589cb622727b5b08c423464"
Signed-off-by: Ross Burton <ross.burton@arm.com> --- .../libtiff/files/CVE-2022-48281.patch | 29 +++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.5.0.bb | 3 +- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2022-48281.patch