From ${URL} : 1. CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution A stack-based buffer overflow was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when malformed image-length and resolution values are used in the TIFF file. A remote attacker could provide a specially- crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952131 2. CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip() A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, in the tp_process_jpeg_strip() function. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952158 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not
Fixed in 4.0.3-r2. Marking bug 440944 and 440154 blockers and handle stabilization here. Please test and mark stable: =media-libs/tiff-3.9.7 amd64 x86 =media-libs/tiff-4.0.3-r2 alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86
amd64 stable
x86 stable
ppc ppc64 : stable It fails 2 tests, the same on both arches, but is not a regresion.
(In reply to comment #4) > ppc ppc64 : stable > > It fails 2 tests, the same on both arches, but is not a regresion. I removed the stable keywords on the 3.* branch again, since PPC and PPC64 do not require them.
Stable for HPPA.
file.size 1 (31 KiB) media-libs/tiff/files/tiff-4.0.3-CVE-2013-1961.patch
arm stable
alpha stable
ia64 stable
sparc stable
sh stable
s390 stable
CVE-2013-1961 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1961): Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. CVE-2013-1960 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1960): Heap-based buffer overflow in the tp_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
Added to existing GLSA draft
M68K is not anymore a stable arch, removing it from the cc list
This issue was resolved and addressed in GLSA 201402-21 at http://security.gentoo.org/glsa/glsa-201402-21.xml by GLSA coordinator Chris Reffett (creffett).