Summary: | <media-libs/tiff-3.9.5: Multiple vulnerabilities (CVE-2009-5022,CVE-2010-{2482,2595,3087,4665},CVE-2011-{0192,1167}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | alexanderyt, graphics+disabled, nerdboy |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.remotesensing.org/libtiff/v3.9.5.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2011-06-12 20:43:43 UTC
CVE-2009-5022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5022): Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file. CVE-2010-3087 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3087): LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. CVE-2010-2595 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2595): The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers an array index error, related to "downsampled OJPEG input." Maintainer timed out. Arches, please test and mark stable: =media-libs/tiff-3.9.5 target KEYWORDS : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" Builds fine on x86. Tested with shutterbug rdep and converted the tiff image to pdf with tiff2pdf. Please mark stable for x86. Archtested on x86: Everything fine amd64 ok ppc/ppc64 stable x86 stable, thanks Myckel and JD! amd64 done. Thanks Agostino Stable for HPPA. alpha/arm/ia64/m68k/s390/sh/sparc stable Thanks, everyone. Added to existing GLSA request. CVE-2010-2482 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2482): LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443. CVE-2010-4665 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4665): Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries. This issue was resolved and addressed in GLSA 201209-02 at http://security.gentoo.org/glsa/glsa-201209-02.xml by GLSA coordinator Sean Amoss (ackle). |