|Summary:||<media-libs/tiff-4.0.6: Buffer overflow (CVE-2013-4243)|
|Product:||Gentoo Security||Reporter:||GLSAMaker/CVETool Bot <glsamaker>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Whiteboard:||A2 [glsa cve]|
|Package list:||Runtime testing required:||---|
Description GLSAMaker/CVETool Bot 2013-09-11 01:52:53 UTC
CVE-2013-4243 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243):
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.

Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2451
Comment 1 Yury German 2013-10-03 05:10:38 UTC
Potential patch available from Open Suse:
http://lwn.net/Articles/568120/

Patch also fixes following CVE's:
This tiff security update fixes several buffer overflow
issues and an out-of-bounds write problem.

* tiff: buffer overflows/use after free problem
  [CVE-2013-4231][CVE-2013-4232][bnc#834477]
* libtiff (gif2tiff): OOB Write in LZW decompressor
  [CVE-2013-4244][bnc#834788]
* libtiff (gif2tiff): heap-based buffer overflow in readgifimage()
  [CVE-2013-4243][bnc#834779]

Upstream please confirm and Ebuild.
Comment 2 Samuli Suominen (RETIRED) 2014-02-04 16:14:04 UTC
(In reply to Yury German from comment #1)
> Potential patch available from Open Suse:
> http://lwn.net/Articles/568120/
>
> Patch also fixes following CVE's:
> This tiff security update fixes several buffer overflow
> issues and an out-of-bounds write problem.
>
> * tiff: buffer overflows/use after free problem
> [CVE-2013-4231][CVE-2013-4232][bnc#834477]

this one seems to be covered already.

*tiff-4.0.3-r4 (23 Aug 2013)
*tiff-4.0.3-r5 (23 Aug 2013)

  23 Aug 2013; Samuli Suominen <firstname.lastname@example.org>
  +files/tiff-4.0.3-CVE-2013-4231.patch, +files/tiff-4.0.3-CVE-2013-4232.patch,
  +tiff-4.0.3-r4.ebuild, +tiff-4.0.3-r5.ebuild:
  Fix for CVE-2013-4231 (and CVE-2013-4232) from upstream. See security bug
  #480466. The -r4 is for stabilization without multilib-minimal.eclass usage.
Comment 3 Samuli Suominen (RETIRED) 2014-02-04 16:18:50 UTC
(In reply to Yury German from comment #1)
> Potential patch available from Open Suse:
> http://lwn.net/Articles/568120/
>
> Patch also fixes following CVE's:
> This tiff security update fixes several buffer overflow
> issues and an out-of-bounds write problem.
>
> * tiff: buffer overflows/use after free problem
> [CVE-2013-4231][CVE-2013-4232][bnc#834477]
> * libtiff (gif2tiff): OOB Write in LZW decompressor
> [CVE-2013-4244][bnc#834788]

This one is bug 486590. So let's keep this bug only for CVE-2013-4243. Just added to confusion.
Comment 4 Aaron Bauman (RETIRED) 2016-03-05 08:09:09 UTC
@arches, please stabilize >=media-libs/tiff-4.0.5

@maintainer(s), once stabilization is complete please remove vulnerable versions, <media-libs/tiff-4.0.3
Comment 5 Jeroen Roovers (RETIRED) 2016-03-06 08:23:48 UTC
(In reply to Aaron Bauman from comment #4)
> @arches, please stabilize >=media-libs/tiff-4.0.5

4.0.6 or 4.0.5?
Comment 6 Aaron Bauman (RETIRED) 2016-03-06 10:02:17 UTC
@arches, please stabilize =media-libs/tiff-4.0.6
Comment 7 Aaron Bauman (RETIRED) 2016-03-06 13:50:52 UTC
I wouldn't recommend changing the bug title to reflect <media-libs/tiff-4.0.6 as it implies that all versions less than that are vulnerable which is not the case here. This can be applied to most bugs, as often unstable versions are available that mitigate certain vulnerabilities. @arches, does this titling make it easier for you to track or use various tools?
Comment 8 Agostino Sarubbo 2016-03-07 08:04:40 UTC
Comment 9 Jeroen Roovers (RETIRED) 2016-03-08 13:42:08 UTC
Stable for HPPA PPC64.
Comment 10 Markus Meier 2016-03-11 16:39:52 UTC
Comment 11 Tobias Klausmann (RETIRED) 2016-03-14 18:50:38 UTC
Stable on alpha.
Comment 12 Agostino Sarubbo 2016-03-15 16:40:43 UTC
Comment 13 Agostino Sarubbo 2016-03-16 12:04:35 UTC
Comment 14 Agostino Sarubbo 2016-03-19 11:37:07 UTC
Comment 15 Agostino Sarubbo 2016-03-20 12:01:18 UTC
Comment 16 Pacho Ramos 2016-05-06 10:02:16 UTC
The remaining arches are not officially "stable" then maybe they should not block the subsequent "CVE" process here :/
Comment 17 Aaron Bauman (RETIRED) 2016-07-09 13:30:13 UTC
Removing unstable arches from CC.

@maintainer(s), please clean up vulnerable versions.
Comment 18 Markus Meier 2016-07-10 08:50:27 UTC
Cleaned up vulnerable versions: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f65cfb30904aa816aa0977ce4ccf188f8c31e1a
Comment 19 Aaron Bauman (RETIRED) 2016-07-11 05:00:46 UTC
New GLSA request filed.