Bug 75423

Summary:

media-libs/tiff: tiffdump crash on test image

Product:

Gentoo Security

Reporter:

Thierry Carrez (RETIRED) <koon>

Component:

Vulnerabilities

Assignee:

Gentoo Security <security>

Status:

RESOLVED FIXED

Severity:

normal

CC:

nerdboy

Priority:

High

Version:

unspecified

Hardware:

All

OS:

All

Whiteboard:

B2 [upstream] koon CLASSIFIED

Package list:

Runtime testing required:

---

Bug Depends on:

Bug Blocks:

75213

Attachments:

Description	Flags
Patch for tiffdump issue	none

Description Thierry Carrez (RETIRED) gentoo-dev

2004-12-23 02:47:41 UTC

This is a restricted bug.

Test image from ftp://ftp.altlinux.org/pvt/people/ldv/1x1.tiff crashes tiffdump, not sure if it's exploitable, but should be fixed together with bug 75213.

We're waiting for a final patch from v-s.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2004-12-23 02:52:29 UTC

Created attachment 46702 [details, diff]
Patch for tiffdump issue

Here is the proposed patch (from Dmitry Levin).

nerdboy: It's not public yet so you shouldn't include it in portage, but you're
allowed to privately test it :)

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2005-01-02 14:08:46 UTC

The tiffdump patch can now be included, please bump to -r2 with this additional patch.

Comment 3 Steve Arnold archtester

2005-01-02 18:12:35 UTC

Both this patch and the transparency patch are in -r1.

Comment 4 Steve Arnold archtester

2005-01-02 18:21:58 UTC

Sorry, closing...