1 diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c 2 index 0e3f8ccd4..e0403aef3 100644 3 --- a/third_party/libtiff/tif_dirread.c 4 +++ b/third_party/libtiff/tif_dirread.c 5 @@ -3754,6 +3754,17 @@ TIFFReadDirectory(TIFF* tif) 6 fip ? fip->field_name : "unknown tagname"); 7 continue; 8 } 9 + /* ColorMap or TransferFunction for high bit */ 10 + /* depths do not make much sense and could be */ 11 + /* used as a denial of service vector */ 12 + if (tif->tif_dir.td_bitspersample > 24) 13 + { 14 + TIFFWarningExt(tif->tif_clientdata,module, 15 + "Ignoring %s because BitsPerSample=%d>24", 16 + fip ? fip->field_name : "unknown tagname", 17 + tif->tif_dir.td_bitspersample); 18 + continue; 19 + } 20 countpersample=(1L<<tif->tif_dir.td_bitspersample); 21 if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample)) 22 { 23
