Mark CVE-2023-52355 as mitigated in third_party/libtiff/METADATA Since there are no callers to TIFFRasterScanlineSize() and TIFFRasterScanlineSize64() in this code base, the potential OOM issue cannot occur. Bug: 323286416 Change-Id: I6d1882cac97d8cb152bc6539a5da2c25ab7d2196 Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/116292 Reviewed-by: Thomas Sepez <tsepez@google.com> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Thomas Sepez <tsepez@google.com>

commit: 244491fa800131fe92684212ad55fae0da4bb82b [log] [tgz]
author: Lei Zhang <thestig@chromium.org> Thu Feb 08 21:03:15 2024 +0000
committer: Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Feb 08 21:03:15 2024 +0000
tree: 797116757e06a7abdebe342f0684df731ff0d114
parent: d85e88249674f3d31aab26da91431e7eedeb9248 [diff]
diff --git a/third_party/libtiff/METADATA b/third_party/libtiff/METADATA
index 7d36a06..7956a6f 100644
--- a/third_party/libtiff/METADATA
+++ b/third_party/libtiff/METADATA

@@ -15,5 +15,8 @@
     mitigated_security_patch: "CVE-2023-26965"
     mitigated_security_patch: "CVE-2023-40745"
     mitigated_security_patch: "CVE-2023-41175"
+
+    # There are no callers to TIFFRasterScanlineSize() in PDFium's code base.
+    mitigated_security_patch: "CVE-2023-52355"
   }
 }
commit	244491fa800131fe92684212ad55fae0da4bb82b	[log] [tgz]
author	Lei Zhang <thestig@chromium.org>	Thu Feb 08 21:03:15 2024 +0000
committer	Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com>	Thu Feb 08 21:03:15 2024 +0000
tree	797116757e06a7abdebe342f0684df731ff0d114
parent	d85e88249674f3d31aab26da91431e7eedeb9248 [diff]