Bug 610330 (CVE-2017-5225)

Summary:	<media-libs/tiff-4.0.7-r1: Heap-buffer overflow in tools/tiffcp via crafted BitsPerSample value (CVE-2017-5225)
Product:	Gentoo Security	Reporter:	Thomas Deutschmann (RETIRED) <whissi>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	graphics+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
See Also:	http://bugzilla.maptools.org/show_bug.cgi?id=2656 http://bugzilla.maptools.org/show_bug.cgi?id=2657
Whiteboard:	A2 [glsa cve]
Package list:		Runtime testing required:	---
Bug Depends on:	618610
Bug Blocks:

Description Thomas Deutschmann (RETIRED) gentoo-dev

2017-02-21 00:53:33 UTC

A heap-buffer overflow vulnerability was found in libtiff in the tools/tiffcp. Using a maliciously crafted BitsPerSample value could cause the application to crash or possibly allow code execution.

Upstream bugs:

http://bugzilla.maptools.org/show_bug.cgi?id=2656
http://bugzilla.maptools.org/show_bug.cgi?id=2657

Upstream patch:

https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2017-02-21 00:54:00 UTC

CVE-2017-5225 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5225):
  LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the
  tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample
  value.

Comment 2 SpanKY gentoo-dev

2017-03-31 03:37:43 UTC

pulled in 4.0.7-r1

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f61e94523aef88e99d1140307b83bd518a450a14

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2017-09-26 22:11:30 UTC

This issue was resolved and addressed in
 GLSA 201709-27 at https://security.gentoo.org/glsa/201709-27
by GLSA coordinator Aaron Bauman (b-man).