
Bug 440944 (CVE-2012-4564)

Summary: <media-libs/tiff-4.0.3-r2: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file (CVE-2012-4564)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: graphics+disabled
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=871700
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 468334
Bug Blocks:

Description Agostino Sarubbo gentoo-dev 2012-11-02 13:04:25 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=871700 :

A flaw was found in the way ppm2tiff, a tool to create a TIFF file from PPM, PGM and PBM image 
files, did not check the return value of TIFFScanlineSize() function. When TIFFScanlineSize 
encountered an integer-overflow and returned zero, this value was not checked. A remote attacker 
could provide a specially-crafted PPM image format file, that when processed by ppm2tiff would lead 
to ppm2tiff executable crash or, potentially, arbitrary code execution with the privileges of the 
user running the ppm2tiff binary.

Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-11-11 16:29:20 UTC
CVE-2012-4564 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4564):
  ppm2tiff does not check the return value of the TIFFScanlineSize function,
  which allows remote attackers to cause a denial of service (crash) and
  possibly execute arbitrary code via a crafted PPM image that triggers an
  integer overflow, a zero-memory allocation, and a heap-based buffer
  overflow.
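
The missing check named in the description and in the CVE text above, shown as an added example that is not part of this bug report and is not libtiff or ppm2tiff code. `scanline_size` and `row_buffer_new` are hypothetical names, and the header values in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum row_status { ROW_OK = 0, ROW_BAD_SIZE = -1, ROW_NO_MEMORY = -2 };

/* Hypothetical stand-in for a scanline-size routine (not libtiff code):
 * bytes needed for one row, or 0 when the result does not fit in 32 bits,
 * mirroring the "overflow returns zero" behaviour the report describes. */
static uint32_t scanline_size(uint32_t width, uint16_t samples, uint16_t bits)
{
    /* 32-bit x 16-bit x 16-bit always fits in 64 bits, so this cannot wrap. */
    uint64_t total_bits = (uint64_t)width * samples * bits;
    uint64_t bytes = (total_bits + 7) / 8;
    return bytes > UINT32_MAX ? 0 : (uint32_t)bytes;
}

/* Hardened caller: a zero size is rejected before any allocation, and the
 * row length handed back is the same value the buffer was sized from, so a
 * later per-row read cannot use a larger count than was allocated. */
static enum row_status row_buffer_new(uint32_t width, uint16_t samples,
                                      uint16_t bits, unsigned char **buf,
                                      uint32_t *row_bytes)
{
    uint32_t size = scanline_size(width, samples, bits);
    *buf = NULL;
    *row_bytes = 0;
    if (size == 0)
        return ROW_BAD_SIZE;   /* the check the report says was missing */
    *buf = malloc(size);
    if (*buf == NULL)
        return ROW_NO_MEMORY;
    *row_bytes = size;
    return ROW_OK;
}

int main(void)
{
    /* Constructed header values: a normal RGB row and an oversized width. */
    uint32_t widths[] = { 640u, 0xFFFFFFFFu };
    for (size_t i = 0; i < 2; i++) {
        unsigned char *buf;
        uint32_t n;
        enum row_status st = row_buffer_new(widths[i], 3, 16, &buf, &n);
        printf("width=%u status=%d row_bytes=%u\n",
               (unsigned)widths[i], (int)st, (unsigned)n);
        free(buf);
    }
    return 0;
}
```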

Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-02-21 15:40:57 UTC
This issue was resolved and addressed in
 GLSA 201402-21 at http://security.gentoo.org/glsa/glsa-201402-21.xml
by GLSA coordinator Chris Reffett (creffett).