Summary: | <media-libs/tiff-4.0.2-r1: Heap-based buffer overflow due to improper initialization of T2P context struct pointer (CVE-2012-3401) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | taaroa <taaroa> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | graphics+disabled, nerdboy |
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=837577 | |
Whiteboard: | B2 [glsa] | |
Package list: | | Runtime testing required: | --- |

Description
taaroa
2012-07-19 03:54:47 UTC

Thanks for the report, taaroa.

From oss-sec mailing list thread (http://www.openwall.com/lists/oss-security/2012/07/19/4):

"I know that 3.9.x upto the latest 4.0.2 are affected. Older versions may be affected as well, i am not sure about that."

CVE-2012-3401 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3401):
The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow.

Fixed by 4.0.2-r1.

Please test and stabilize:
=media-libs/tiff-4.0.2-r1
alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86

amd64/ppc/ppc64/x86 stable

(In reply to comment #3)
> Fixed by 4.0.2-r1.

Thanks, Samuli. Would you be able to provide a patched 3.9.5, also? (Unless we can drop that slot?)

(In reply to comment #5)
> (In reply to comment #3)
> > Fixed by 4.0.2-r1.
>
> Thanks, Samuli. Would you be able to provide a patched 3.9.5, also? (Unless
> we can drop that slot?)

The bug is in tools/tiff2pdf.c and we don't install any tools with the older SLOT which is only for 2 binary-only programs in Portage, one from sci-* and another is net-im/skype with USE=qt-static enabled

So I'd say we are good as is

Stable for HPPA.

stable arm

alpha/ia64/m68k/s390/sh/sparc stable

Thanks, everyone. Already on existing GLSA draft.

Maintainers, please clean up vulnerable version.

This issue was resolved and addressed in GLSA 201209-02 at http://security.gentoo.org/glsa/glsa-201209-02.xml by GLSA coordinator Sean Amoss (ackle).

(In reply to comment #10)
> Maintainers, please clean up vulnerable version.

Done.