Summary: | <media-libs/tiff-4.0.7: potential out-of-bound write in NeXTDecode() (CVE-2015-8784) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | graphics+disabled |
Priority: | Normal | Keywords: | PATCH |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.openwall.com/lists/oss-security/2016/01/24/4 | | |
Whiteboard: | A2 [glsa cve] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-01-25 14:33:28 UTC
CVE-2015-8784 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784): The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.

Patch is not present in the 4.0.6 sources. @maintainer(s), please patch as it does not look like upstream is releasing an update anytime soon.

Added to existing GLSA request.

This issue was resolved and addressed in GLSA 201701-16 at https://security.gentoo.org/glsa/201701-16 by GLSA coordinator Thomas Deutschmann (whissi).