
Bug 100722

Summary: media-libs/tiff: Crash through YCbCr subsampling
Product: Gentoo Security
Reporter: Thierry Carrez (RETIRED) <koon>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: normal
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Thierry Carrez (RETIRED) gentoo-dev 2005-07-29 09:02:53 UTC
===========================================================
Ubuntu Security Notice USN-156-1	      July 29, 2005
tiff vulnerability
https://bugzilla.ubuntu.com/show_bug.cgi?id=12008
===========================================================
[...]
Wouter Hanegraaff discovered that the TIFF library did not
sufficiently validate the "YCbCr subsampling" value in TIFF image
headers. Decoding a malicious image with a zero value resulted in an
arithmetic exception, which caused the program that uses the TIFF
library to crash. This leads to a Denial of Service in server
applications that use libtiff (like the CUPS printing system) and can
cause data loss in, for example, the Evolution email client.
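
The validation the notice describes as missing, as an added example that is not part of this bug report and is not libtiff's code. The function and constant names are hypothetical, 8-bit samples are assumed, and the permitted factor values 1, 2 and 4 are taken from the TIFF 6.0 specification.

```c
#include <stdint.h>
#include <stdio.h>

/* Result codes for this added example (hypothetical names, not libtiff's). */
enum { SS_OK = 0, SS_BAD_FACTOR = -1, SS_OVERFLOW = -2 };

/* TIFF 6.0 permits only 1, 2 or 4 for each YCbCrSubSampling factor. */
static int ss_factor_valid(uint16_t f)
{
    return f == 1 || f == 2 || f == 4;
}

/* Round-up division; the caller guarantees d != 0. */
static uint64_t ceil_div(uint32_t n, uint32_t d)
{
    return (uint64_t)n / d + (n % d != 0);
}

/*
 * Bytes needed for an 8-bit YCbCr image stored in TIFF data units
 * (hs*vs luma samples followed by one Cb and one Cr sample).
 * hs and vs come straight from the untrusted file header, so they are
 * checked before any division: an unchecked "width / hs" with hs == 0
 * is the arithmetic exception described in the notice.
 */
int ycbcr_packed_size(uint32_t width, uint32_t height,
                      uint16_t hs, uint16_t vs, uint64_t *out)
{
    if (!ss_factor_valid(hs) || !ss_factor_valid(vs))
        return SS_BAD_FACTOR;

    uint64_t units = ceil_div(width, hs) * ceil_div(height, vs);
    uint64_t per_unit = (uint64_t)hs * vs + 2;
    if (units > UINT64_MAX / per_unit)
        return SS_OVERFLOW;          /* size would not fit in 64 bits */

    *out = units * per_unit;
    return SS_OK;
}

int main(void)
{
    uint64_t n = 0;
    /* Constructed header values: a normal 2x2 image, then a zero factor. */
    int rc = ycbcr_packed_size(16, 16, 2, 2, &n);
    printf("16x16, 2x2 -> rc=%d bytes=%llu\n", rc, (unsigned long long)n);
    printf("16x16, 0x2 -> rc=%d\n", ycbcr_packed_size(16, 16, 0, 2, &n));
    return 0;
}
```

A caller that receives `SS_BAD_FACTOR` should reject the image instead of decoding it, so a malformed header produces an error return rather than a crashed process.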

Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-07-30 07:19:32 UTC
Fixed in 3.7.2, covered by glsa-200505-07