Summary: | media-libs/tiff: tiff2pdf stack buffer overflow | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Tavis Ormandy (RETIRED) <taviso> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED DUPLICATE | ||||||
Severity: | normal | CC: | nerdboy | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://bugzilla.remotesensing.org/show_bug.cgi?id=1196 | ||||||
Whiteboard: | B2? [ebuild] Jaervosz | ||||||
Package list: | Runtime testing required: | --- | |||||
Bug Depends on: | |||||||
Bug Blocks: | 135881 | ||||||
Attachments: |
|
Description
Tavis Ormandy (RETIRED)
2006-05-31 03:22:39 UTC
nerdboy, this issue is confidential, please comment on this bug and attach a patch to this bug if appropriate, please do not commit anything to portage yet. (I guess sprintf => snprintf will do it) Created attachment 88391 [details, diff]
patch for tiff2pdf buffer overflow
Here's a patch for the cited sprintf condition; it works on 3.7.4 and 3.8.2 (and I'd still like to stablize everyone on 3.8.2 or better).
Comment on attachment 88391 [details, diff]
patch for tiff2pdf buffer overflow
This is fixed upstream, but the patch I have is about 50k uncompressed. Let me know if you want it attached.
I'd also like to commit both fixes, along with a JBIG update for Hylafax... This is public now so please go ahead and commit the fixed ebuild. Lets handle the rest on bug #135881 instead of having two bugs for the same package. *** This bug has been marked as a duplicate of 135881 *** |