Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 76496

Summary: media-libs/pdflib contains vulnerable modified tiff library
Product: Gentoo Security Reporter: Thierry Carrez (RETIRED) <koon>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard: B2 [upstream] koon
Package list:
Runtime testing required: ---

Description Thierry Carrez (RETIRED) gentoo-dev 2005-01-03 02:38:46 UTC
PDFLib includes a modified version of the tiff library. New vulnerabilities were found on the tiff library (see bug 75213) so this must probably be updated.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-01-03 02:39:19 UTC
Sending mail upstream to get status.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-01-10 03:52:31 UTC
Reply from upstream :

----------------------------------
It turns out no action is required in PDFlib 5.0.x or 6.0.x

The vulnerability affects only malloc(0) calls, but these are
always trapped in PDFlib.
----------------------------------