Summary: | <x11-libs/qt-gui-4.7.4-r1: TIFF Grayscale Image Processing Buffer Overflow (CVE-2011-3194) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | qt |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/46140/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 390963 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2011-09-22 14:41:06 UTC
Since qt 4.7.4 is ready for stabilization and after talking with Davide (pesa) on IRC, I add this bug as a blocker for the qt-stabilization tracker (bug 390963). We will fast stabilize ASAP after the patch on this bug is applied.

Well... I think the advisory is wrong. The proposed fix (https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465) was committed to qt upstream repo more than a year ago. Indeed that patch does not apply to qt-gui-4.7.4. The code in qtiffhandler.cpp has evolved during this time and it's slightly different now, but afaict the bug *is* fixed in 4.7.4.

The Novell bug at [1] says that [2] reliably reproduces the issue. Would it be possible to test using this file? Thank you.

[1] https://bugzilla.novell.com/show_bug.cgi?id=637275
[2] https://bugzilla.novell.com/attachment.cgi?id=387705

(In reply to comment #3)
> The Novell bug at [1] says that [2] reliably reproduces the issue. Would it be
> possible to test using this file? Thank you.
>
> [1] https://bugzilla.novell.com/show_bug.cgi?id=637275
> [2] https://bugzilla.novell.com/attachment.cgi?id=387705

I can't reproduce the crash on 4.7.4.

(In reply to comment #2)
> but afaict the bug *is* fixed in 4.7.4.

Ok, thanks. Let's depend on 390963 instead of blocking it.

Thanks, everyone. GLSA request filed.

This issue was resolved and addressed in GLSA 201206-02 at http://security.gentoo.org/glsa/glsa-201206-02.xml by GLSA coordinator Sean Amoss (ackle).

CVE-2011-3194 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3194): Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.