639700 – (CVE-2017-17095) <media-libs/tiff-4.0.10-r1: Denial of Service vulnerability

Bug 639700 (CVE-2017-17095) - <media-libs/tiff-4.0.10-r1: Denial of Service vulnerability

Summary: <media-libs/tiff-4.0.10-r1: Denial of Service vulnerability

Status:	RESOLVED FIXED

Alias:	CVE-2017-17095

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	A3 [glsa+ cve]
Keywords:

Depends on:	CVE-2019-14973
Blocks:
	Show dependency tree

Reported:	2017-12-04 01:54 UTC by GLSAMaker/CVETool Bot
Modified:	2020-03-15 15:11 UTC (History)
CC List:	1 user (show)

See Also:	http://bugzilla.maptools.org/show_bug.cgi?id=2750
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2017-12-04 01:54:32 UTC

CVE-2017-17095 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-17095):
  tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause
  a denial of service (TIFFSetupStrips heap-based buffer overflow and
  application crash) or possibly have unspecified other impact via a crafted
  TIFF file.

Comment 1 Agostino Sarubbo gentoo-dev

2017-12-04 08:12:29 UTC

I guess it happens also on a stable version

Comment 2 SpanKY gentoo-dev

2018-01-26 03:37:29 UTC

i think this is:
  http://bugzilla.maptools.org/show_bug.cgi?id=2750

a mitigation was added for the next release, but i don't think it fixes it fully:
https://gitlab.com/libtiff/libtiff/commit/9171da596c88e6a2dadcab4a3a89dddd6e1b4655

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2019-03-26 19:37:10 UTC

Still not fixed upstream... that I can find.

Comment 4 Larry the Git Cow gentoo-dev

2019-08-05 00:12:08 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1408d12740a4cd2a6d71fe5f52386d9d77128645

commit 1408d12740a4cd2a6d71fe5f52386d9d77128645
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-08-05 00:03:19 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-08-05 00:12:00 +0000

    media-libs/tiff: revbump to address open security bugs
    
    * This commit addresses 3 outstanding security issues reported by the
    individuals listed below.
    
    * This commit involved cherry-picking the patches and adding a revbump as
    the original PR's renamed the original ebuild and kept stable keywords.
    
    Bug: https://bugs.gentoo.org/639700
    Bug: https://bugs.gentoo.org/690732
    
    Closes: https://github.com/gentoo/gentoo/pull/12543
    Closes: https://github.com/gentoo/gentoo/pull/11743
    
    Reported-by: Benjamin Gordon <bmgordon@chromium.org>
    Reported-by: Allen Webb <allenwebb@google.com>
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 ...-2018-17000-tif_dirwrite-null-dereference.patch | 33 +++++++++
 .../tiff-4.0.10-CVE-2019-6128-pal2rgb-leak.patch   | 48 ++++++++++++
 ....0.10-CVE-2019-7663-tiffcpIntegerOverflow.patch | 73 ++++++++++++++++++
 media-libs/tiff/tiff-4.0.10-r1.ebuild              | 86 ++++++++++++++++++++++
 4 files changed, 240 insertions(+)

Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev

2020-03-15 14:57:49 UTC

Added to an existing GLSA.

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2020-03-15 15:11:46 UTC

This issue was resolved and addressed in
 GLSA 202003-25 at https://security.gentoo.org/glsa/202003-25
by GLSA coordinator Thomas Deutschmann (whissi).