| Summary: | <media-libs/tiff-4.0.4: Out-of-bounds reads followed by a crash in bmp2tiff (CVE-2014-9330) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | graphics+disabled |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1177893 | ||
| Whiteboard: | A3 [glsa cve] | ||
| Package list: | Runtime testing required: | --- | |
CVE-2014-9330 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330): Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read. Maintainers this was addressed by RedHat in version libtiff-3.9.4-18. We do not have that version in the tree the lowest being: 3.9.7-r1 Please confirm that this does not apply to the packages so that we can close this bug if this is not an issue. This was fixed upstream in 4.0.4beta. No history on whether that particular version landed in the tree so adjusting summary to match upstream changes. Tree has a proper fixed version that is already stable. http://libtiff.maptools.org/v4.0.4beta.html This issue was resolved and addressed in GLSA 201701-16 at https://security.gentoo.org/glsa/201701-16 by GLSA coordinator Thomas Deutschmann (whissi). |
From ${URL} : An Out-of-bounds read flaw followed by a crash was found in the bmp2tiff utility (A utility used to create a TIFF file from a Microsoft Windows Device Independent Bitmap image file) shipped with libtiff. A remote attacker could provide a specially-crafted BMP (Bitmap Image) file that, when processed by bmp2tiff, would cause bmp2tiff to crash. Upstream bug: http://bugzilla.maptools.org/show_bug.cgi?id=2494 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.