| diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c |
| index 0e3f8ccd4..e0403aef3 100644 |
| --- a/third_party/libtiff/tif_dirread.c |
| +++ b/third_party/libtiff/tif_dirread.c |
| @@ -3754,6 +3754,17 @@ TIFFReadDirectory(TIFF* tif) |
| fip ? fip->field_name : "unknown tagname"); |
| continue; |
| } |
| + /* ColorMap or TransferFunction for high bit */ |
| + /* depths do not make much sense and could be */ |
| + /* used as a denial of service vector */ |
| + if (tif->tif_dir.td_bitspersample > 24) |
| + { |
| + TIFFWarningExt(tif->tif_clientdata,module, |
| + "Ignoring %s because BitsPerSample=%d>24", |
| + fip ? fip->field_name : "unknown tagname", |
| + tif->tif_dir.td_bitspersample); |
| + continue; |
| + } |
| countpersample=(1L<<tif->tif_dir.td_bitspersample); |
| if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample)) |
| { |