| Summary: | media-libs/tiff: tiff2pdf stack buffer overflow | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tavis Ormandy (RETIRED) <taviso> | ||||
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
| Status: | RESOLVED DUPLICATE | ||||||
| Severity: | normal | CC: | nerdboy | ||||
| Priority: | High | ||||||
| Version: | unspecified | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| URL: | http://bugzilla.remotesensing.org/show_bug.cgi?id=1196 | ||||||
| Whiteboard: | B2? [ebuild] Jaervosz | ||||||
| Package list: | Runtime testing required: | --- | |||||
| Bug Depends on: | |||||||
| Bug Blocks: | 135881 | ||||||
| Attachments: |
|
||||||
|
Description
Tavis Ormandy (RETIRED)
2006-05-31 03:22:39 UTC
nerdboy, this issue is confidential, please comment on this bug and attach a patch to this bug if appropriate, please do not commit anything to portage yet. (I guess sprintf => snprintf will do it) Created attachment 88391 [details, diff]
patch for tiff2pdf buffer overflow
Here's a patch for the cited sprintf condition; it works on 3.7.4 and 3.8.2 (and I'd still like to stablize everyone on 3.8.2 or better).
Comment on attachment 88391 [details, diff]
patch for tiff2pdf buffer overflow
This is fixed upstream, but the patch I have is about 50k uncompressed. Let me know if you want it attached.
I'd also like to commit both fixes, along with a JBIG update for Hylafax... This is public now so please go ahead and commit the fixed ebuild. Lets handle the rest on bug #135881 instead of having two bugs for the same package. *** This bug has been marked as a duplicate of 135881 *** |
