Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 359871 (CVE-2011-1167) - <media-libs/tiff-3.9.4-r1: ThunderCode Decoder Remote Code Execution Vulnerability (CVE-2011-1167)
Summary: <media-libs/tiff-3.9.4-r1: ThunderCode Decoder Remote Code Execution Vulnerab...
Status: RESOLVED FIXED
Alias: CVE-2011-1167
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.zerodayinitiative.com/advi...
Whiteboard: B2 [glsa]
Keywords:
Depends on: CVE-2011-0192
Blocks:
  Show dependency tree
 
Reported: 2011-03-22 04:48 UTC by Yury German
Modified: 2012-09-23 18:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Yury German Gentoo Infrastructure gentoo-dev Security 2011-03-22 04:48:56 UTC
Specific flaw exists with the installation of the Thunder Decode codec. If a malicious page or a file is executed by a user the decoder will fail to accommodate for the size of the row and can lead to a heap-based buffer overflow.

More information and patch can be found here:
http://bugzilla.maptools.org/show_bug.cgi?id=2300
Comment 1 Steve Arnold gentoo-dev 2011-04-16 21:29:54 UTC
Done in 3.9.4-r1 (patched), 3.9.5 and 4.0 fixed upstream.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-04-26 03:40:47 UTC
Added to existing GLSA request.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 00:26:48 UTC
CVE-2011-1167 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1167):
  Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in
  tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to
  execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file
  that has an unexpected BitsPerSample value.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-09-23 18:46:23 UTC
This issue was resolved and addressed in
 GLSA 201209-02 at http://security.gentoo.org/glsa/glsa-201209-02.xml
by GLSA coordinator Sean Amoss (ackle).