76496 – media-libs/pdflib contains vulnerable modified tiff library

Bug 76496 - media-libs/pdflib contains vulnerable modified tiff library

Summary: media-libs/pdflib contains vulnerable modified tiff library

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [upstream] koon
Keywords:

Depends on:
Blocks:

Reported:	2005-01-03 02:38 UTC by Thierry Carrez (RETIRED)
Modified:	2005-01-10 03:52 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-01-03 02:38:46 UTC

PDFLib includes a modified version of the tiff library. New vulnerabilities were found on the tiff library (see bug 75213) so this must probably be updated.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-01-03 02:39:19 UTC

Sending mail upstream to get status.

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2005-01-10 03:52:31 UTC

Reply from upstream :

----------------------------------
It turns out no action is required in PDFlib 5.0.x or 6.0.x

The vulnerability affects only malloc(0) calls, but these are
always trapped in PDFlib.
----------------------------------