Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 468334 (CVE-2013-1960) - <media-libs/tiff-{3.9.7,4.0.3-r2} : two vulnerabilities (CVE-2013-{1960,1961})
Summary: <media-libs/tiff-{3.9.7,4.0.3-r2} : two vulnerabilities (CVE-2013-{1960,1961})
Status: RESOLVED FIXED
Alias: CVE-2013-1960
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks: CVE-2012-4447 CVE-2012-4564
  Show dependency tree
 
Reported: 2013-05-02 21:31 UTC by Agostino Sarubbo
Modified: 2014-02-21 15:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-05-02 21:31:55 UTC
From ${URL} :

1. CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with
malformed image-length and resolution

A stack-based buffer overflow was found in the way tiff2pdf, a TIFF
image to a PDF document conversion tool, of libtiff, a library of
functions for manipulating TIFF (Tagged Image File Format) image format
files, performed write of TIFF image content into particular PDF
document file, when malformed image-length and resolution values are
used in the TIFF file. A remote attacker could provide a specially-
crafted TIFF image format file, that when processed by tiff2pdf would
lead to tiff2pdf executable crash.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952131

2.  CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in
t2_process_jpeg_strip()

A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF
image to a PDF document conversion tool, of libtiff, a library of
functions for manipulating TIFF (Tagged Image File Format) image format
files, performed write of TIFF image content into particular PDF
document file, in the tp_process_jpeg_strip() function. A remote
attacker could provide a specially-crafted TIFF image format file, that
when processed by tiff2pdf would lead to tiff2pdf executable crash or,
potentially, arbitrary code execution with the privileges of the user
running the tiff2pdf binary.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952158



@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not
Comment 1 Samuli Suominen gentoo-dev 2013-05-03 00:07:59 UTC
Fixed in 4.0.3-r2. Marking bug 440944 and 440154 blockers and handle stabilization here.

Please test and mark stable:

=media-libs/tiff-3.9.7 amd64 x86
=media-libs/tiff-4.0.3-r2 alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86
Comment 2 Agostino Sarubbo gentoo-dev 2013-05-03 11:12:39 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2013-05-03 11:13:43 UTC
x86 stable
Comment 4 Vicente Olivert Riera (RETIRED) gentoo-dev 2013-05-03 12:01:01 UTC
ppc ppc64 : stable

It fails 2 tests, the same on both arches, but is not a regresion.
Comment 5 Jeroen Roovers gentoo-dev 2013-05-04 15:57:52 UTC
(In reply to comment #4)
> ppc ppc64 : stable
> 
> It fails 2 tests, the same on both arches, but is not a regresion.

I removed the stable keywords on the 3.* branch again, since PPC and PPC64 do not require them.
Comment 6 Jeroen Roovers gentoo-dev 2013-05-04 15:58:10 UTC
Stable for HPPA.
Comment 7 Jeroen Roovers gentoo-dev 2013-05-04 15:58:57 UTC
  file.size                     1                         
   (31 KiB) media-libs/tiff/files/tiff-4.0.3-CVE-2013-1961.patch
Comment 8 Agostino Sarubbo gentoo-dev 2013-05-05 13:59:33 UTC
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-05-05 17:36:20 UTC
alpha stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-05-07 13:40:01 UTC
ia64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-05-07 13:57:01 UTC
sparc stable
Comment 12 Agostino Sarubbo gentoo-dev 2013-05-08 13:42:24 UTC
sh stable
Comment 13 Agostino Sarubbo gentoo-dev 2013-05-26 06:43:14 UTC
s390 stable
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2013-08-31 18:50:04 UTC
CVE-2013-1961 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1961):
  Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf
  in libtiff before 4.0.3 allows remote attackers to cause a denial of service
  (application crash) via a crafted image length and resolution in a TIFF
  image file.

CVE-2013-1960 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1960):
  Heap-based buffer overflow in the tp_process_jpeg_strip function in tiff2pdf
  in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of
  service (crash) and possibly execute arbitrary code via a crafted TIFF image
  file.
Comment 15 Sergey Popov gentoo-dev Security 2013-09-04 06:05:09 UTC
Added to existing GLSA draft
Comment 16 Agostino Sarubbo gentoo-dev 2013-09-28 20:55:11 UTC
M68K is not anymore a stable arch, removing it from the cc list
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2014-02-21 15:40:59 UTC
This issue was resolved and addressed in
 GLSA 201402-21 at http://security.gentoo.org/glsa/glsa-201402-21.xml
by GLSA coordinator Chris Reffett (creffett).