Bug 422673 (CVE-2012-2113) - <media-libs/tiff-4.0.2: "tiff2pdf" Integer Overflow Vulnerability (CVE-2012-{2088,2113})
Status: RESOLVED FIXED
Alias: CVE-2012-2113
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/49493/
Whiteboard: B2 [glsa]
Reported: 2012-06-20 16:26 UTC by Agostino Sarubbo
Modified: 2012-09-23 18:46 UTC
Description Agostino Sarubbo gentoo-dev 2012-06-20 16:26:45 UTC
From the Secunia security advisory at $URL:

Description
A vulnerability has been reported in LibTIFF, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to an integer overflow error in the "tiff2pdf" utility when parsing images and can be exploited to cause a buffer overflow via a specially crafted TIFF image.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into converting a malicious image.

The vulnerability is reported in versions prior to 4.0.2.


Solution
Update to version 4.0.2.
Comment 1 Samuli Suominen gentoo-dev 2012-06-20 18:43:03 UTC
Test and stabilize:

=media-libs/tiff-4.0.2
Comment 2 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-06-20 23:42:03 UTC
x86 stable
Comment 3 Jeroen Roovers gentoo-dev 2012-06-21 15:16:40 UTC
Stable for HPPA.
Comment 4 Agostino Sarubbo gentoo-dev 2012-06-21 15:40:41 UTC
amd64 stable
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2012-06-23 17:25:51 UTC
alpha/arm/ia64/m68k/s390/sh/sparc stable
Comment 6 Brent Baude (RETIRED) gentoo-dev 2012-07-03 16:02:51 UTC
ppc done
Comment 7 Sean Amoss gentoo-dev Security 2012-07-22 18:24:40 UTC
@graphics, Steve: this issue appears to affect all versions of libtiff and there is also another issue only affecting 3.x [1]. Are there any plans for 3.x? Thanks.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=810551#c14
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-07-23 19:31:29 UTC
CVE-2012-2113 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2113):
  Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote
  attackers to cause a denial of service (application crash) or possibly
  execute arbitrary code via a crafted tiff image, which triggers a heap-based
  buffer overflow.

CVE-2012-2088 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2088):
  Integer signedness error in the TIFFReadDirectory function in tif_dirread.c
  in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of
  service (application crash) and possibly execute arbitrary code via a
  negative tile depth in a tiff image, which triggers an improper conversion
  between signed and unsigned types, leading to a heap-based buffer overflow.
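
The bug class named in the two CVE descriptions above (a 32-bit size computation that wraps, and a negative field converted to unsigned) can be shown next to a checked form. This is an added C example, not libtiff or tiff2pdf code; the function names, parameters and the 256 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical cap on one tile buffer (an assumption of this example). */
#define MAX_TILE_BYTES ((uint64_t)256 * 1024 * 1024)

/* Unchecked form: signed fields are converted to unsigned and multiplied in
 * 32 bits, so a negative depth or a large product wraps silently.
 * bpp is bytes per pixel. */
static uint32_t naive_tile_bytes(int32_t w, int32_t h, int32_t depth, uint16_t bpp)
{
    return (uint32_t)w * (uint32_t)h * (uint32_t)depth * (uint32_t)bpp;
}

/* Store a*b in *out; return -1 instead if the product would overflow. */
static int mul_checked(uint64_t a, uint64_t b, uint64_t *out)
{
    if (a != 0 && b > UINT64_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* Checked form: validate signs first, widen to 64 bits, then bound the result. */
static int checked_tile_bytes(int32_t w, int32_t h, int32_t depth, uint16_t bpp, size_t *out)
{
    uint64_t n;
    if (w <= 0 || h <= 0 || depth <= 0 || bpp == 0)
        return -1;                       /* reject before any unsigned cast */
    if (mul_checked((uint64_t)w, (uint64_t)h, &n) || mul_checked(n, (uint64_t)depth, &n) ||
        mul_checked(n, bpp, &n) || n > MAX_TILE_BYTES)
        return -1;
    *out = (size_t)n;                    /* the cap guarantees it fits in size_t */
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions, not taken from any real file. */
    size_t sz = 0;
    printf("naive 65536x65536x1x1 -> %u bytes\n", (unsigned)naive_tile_bytes(65536, 65536, 1, 1));
    printf("naive 16x16x(-1)x1    -> %u bytes\n", (unsigned)naive_tile_bytes(16, 16, -1, 1));
    printf("checked 65536x65536   -> %d\n", checked_tile_bytes(65536, 65536, 1, 1, &sz));
    printf("checked depth=-1      -> %d\n", checked_tile_bytes(16, 16, -1, 1, &sz));
    int rc = checked_tile_bytes(256, 256, 1, 4, &sz);
    printf("checked 256x256x1x4   -> %d (%zu bytes)\n", rc, sz);
    return 0;
}
```

A buffer allocated from the unchecked result is either far smaller than the data later written into it or implausibly large; the checked form refuses both inputs before any allocation happens.
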
Comment 9 Samuli Suominen gentoo-dev 2012-09-16 17:15:37 UTC
ppc64 stable, all arches done
Comment 10 Sean Amoss gentoo-dev Security 2012-09-16 18:10:16 UTC
Thanks, everyone. 

Added to existing GLSA draft.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2012-09-23 18:46:29 UTC
This issue was resolved and addressed in
 GLSA 201209-02 at http://security.gentoo.org/glsa/glsa-201209-02.xml
by GLSA coordinator Sean Amoss (ackle).