100722 – media-libs/tiff: Crash though YCbCr subsampling

Bug 100722 - media-libs/tiff: Crash though YCbCr subsampling

Summary: media-libs/tiff: Crash though YCbCr subsampling

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-07-29 09:02 UTC by Thierry Carrez (RETIRED)
Modified:	2005-07-30 07:19 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-07-29 09:02:53 UTC

===========================================================
Ubuntu Security Notice USN-156-1	      July 29, 2005
tiff vulnerability
https://bugzilla.ubuntu.com/show_bug.cgi?id=12008
===========================================================
[...]
Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the "YCbCr subsampling" value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which caused the program that uses the TIFF
library to crash. This leads to a Denial of Service in server
applications that use libtiff (like the CUPS printing system) and can
cause data loss in, for example, the Evolution email client.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-07-30 07:19:32 UTC

Fixed in 3.7.2, covered by glsa-200505-07