Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 384089 (CVE-2011-3194)

Summary: <x11-libs/qt-gui-4.7.4-r1: TIFF Grayscale Image Processing Buffer Overflow (CVE-2011-3194)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: qt
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/46140/
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 390963    
Bug Blocks:    

Description Agostino Sarubbo gentoo-dev 2011-09-22 14:41:06 UTC
From secunia security advisor at $URL:

Description:
The vulnerability is caused due to an error in the TIFF reader (src/gui/image/qtiffhandler.cpp) when processing grayscale images and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 4.7.4. Other versions may also be affected.


Solution:
Fixed in the Git repository:
https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465
Comment 1 Agostino Sarubbo gentoo-dev 2011-12-01 23:10:47 UTC
Since qt 4.7.4 is ready for stabilization and after talked with Davide(pesa) on
irc, I add this bug as a blocker for the qt-stabilization tracker ( bug 390963
).

We fast stabilize asap after the patch on this bug will be applied
Comment 2 Davide Pesavento gentoo-dev 2011-12-03 00:44:03 UTC
Well... I think the advisory is wrong.
The proposed fix (https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465) was committed to qt upstream repo more than a year ago. Indeed that patch does not apply to qt-gui-4.7.4. The code in qtiffhandler.cpp has evolved during this time and it's slightly different now, but afaict the bug *is* fixed in 4.7.4.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-12-09 00:15:20 UTC
The Novell bug at [1] says that [2] reliably reproduces the issue. Would it be possible to test using this file? Thank you.

[1] https://bugzilla.novell.com/show_bug.cgi?id=637275
[2] https://bugzilla.novell.com/attachment.cgi?id=387705
Comment 4 Davide Pesavento gentoo-dev 2011-12-10 11:57:55 UTC
(In reply to comment #3)
> The Novell bug at [1] says that [2] reliably reproduces the issue. Would it be
> possible to test using this file? Thank you.
> 
> [1] https://bugzilla.novell.com/show_bug.cgi?id=637275
> [2] https://bugzilla.novell.com/attachment.cgi?id=387705

I can't reproduce the crash on 4.7.4
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-12-18 22:12:02 UTC
(In reply to comment #2)
> but afaict the bug *is* fixed in 4.7.4.

Ok, thanks. Let's depend on 390963 instead of blocking it.
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2012-05-15 06:37:58 UTC
Thanks, everyone. GLSA request filed.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-06-03 11:52:09 UTC
This issue was resolved and addressed in
 GLSA 201206-02 at http://security.gentoo.org/glsa/glsa-201206-02.xml
by GLSA coordinator Sean Amoss (ackle).
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-07-12 00:37:23 UTC
CVE-2011-3194 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3194):
  Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4
  allows remote attackers to cause a denial of service (crash) and possibly
  execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale
  TIFF image with multiple samples per pixel.