Summary: | <media-libs/tiff-{3.9.5-r2,4.0.1-r1}: "gtTileSeparate()" Integer Overflow Vulnerability (CVE-2012-1173) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | graphics+disabled, nerdboy |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://secunia.com/advisories/48684/ | | |
See Also: | http://bugzilla.maptools.org/show_bug.cgi?id=2369 | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-04-05 19:26:57 UTC
@security: Notice that tiff also has now 2 SLOTs from which the old one is binary-only like libpng. So we need to patch 2 SLOTs.

This is for 3.9.5 from Fedora: http://pkgs.fedoraproject.org/gitweb/?p=libtiff.git;a=blob_plain;f=libtiff-CVE-2012-1173.patch;hb=HEAD

Test & stabilize:

=media-libs/tiff-3.9.5-r2 "amd64 x86" (special binary only slot, with only 1 depend in tree, only amd64 and x86 need this)
=media-libs/tiff-4.0.1-r1 "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

amd64 stable

Archtested on x86: Everything OK.

For both media-libs/tiff-3.9.5-r2 and media-libs/tiff-4.0.1-r1:
- Both compile successfully.
- Rdeps successfully compile and test phases pass.
- Performed manual runtime testing of several applications that link against media-libs/tiff, all function appropriately.

x86 stable, thanks Dan

arm stable

Stable for HPPA.

ppc done

ppc64 done

alpha/ia64/m68k/s390/sh/sparc stable

Thanks, everyone. Already on existing GLSA request which is ready for review.

CVE-2012-1173 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1173): Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.

This issue was resolved and addressed in GLSA 201209-02 at http://security.gentoo.org/glsa/glsa-201209-02.xml by GLSA coordinator Sean Amoss (ackle).
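The class of bug named in the CVE text above, shown as an added example that is not libtiff's code or the Fedora patch: a buffer size computed as plane count times tile size wraps in 32 bits, and an overflow-checked multiply rejects it. The function names, the 32-bit signed size type, the plane counts of 3 and 4, and the sample tile sizes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a 32-bit signed size type (assumption). */
typedef int32_t tile_size_t;

/* Unchecked form: the product wraps modulo 2^32, so the size handed to the
 * allocator can be far smaller than the data later written into the buffer. */
static uint32_t unchecked_alloc_size(uint32_t planes, uint32_t tilesize)
{
    return planes * tilesize;
}

/* Checked form: returns 0 when an operand is non-positive or when the
 * product would not fit in tile_size_t; the caller must then refuse the image. */
static tile_size_t checked_alloc_size(tile_size_t planes, tile_size_t tilesize)
{
    if (planes <= 0 || tilesize <= 0)
        return 0;
    if (tilesize > INT32_MAX / planes)   /* planes * tilesize would overflow */
        return 0;
    return planes * tilesize;
}

int main(void)
{
    /* Constructed inputs: one ordinary tile size, two that wrap. */
    const struct { tile_size_t planes, tilesize; } cases[] = {
        { 4, 65536 },        /* 256x256 tile, one byte per sample */
        { 4, 0x40000010 },   /* 4 * size = 2^32 + 64  */
        { 3, 0x55555560 },   /* 3 * size = 2^32 + 32  */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint32_t bad = unchecked_alloc_size((uint32_t)cases[i].planes,
                                            (uint32_t)cases[i].tilesize);
        tile_size_t ok = checked_alloc_size(cases[i].planes, cases[i].tilesize);
        printf("planes=%d tilesize=%d unchecked=%u checked=%d%s\n",
               (int)cases[i].planes, (int)cases[i].tilesize,
               (unsigned)bad, (int)ok, ok ? "" : " (rejected)");
    }
    return 0;
}
```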