Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 561880 (CVE-2015-7313) - <media-libs/tiff-4.0.7: OOM when parsing crafted tiff files (CVE-2015-7313)
Summary: <media-libs/tiff-4.0.7: OOM when parsing crafted tiff files (CVE-2015-7313)
Status: RESOLVED FIXED
Alias: CVE-2015-7313
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A3 [glsa cve glsa blocked]
Keywords:
Depends on: CVE-2015-7554, CVE-2015-8665, CVE-2015-8668, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3619, CVE-2016-3620, CVE-2016-3621, CVE-2016-3622, CVE-2016-3623, CVE-2016-3624, CVE-2016-3625, CVE-2016-3631, CVE-2016-3632, CVE-2016-3633, CVE-2016-3634, CVE-2016-3658, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317, CVE-2016-5320, CVE-2016-5321, CVE-2016-5322, CVE-2016-5323, CVE-2016-5652, CVE-2016-5875, CVE-2016-6223, CVE-2016-8331, CVE-2016-9273, CVE-2016-9297, CVE-2016-9448, CVE-2016-9453, CVE-2016-9532
Blocks:
  Show dependency tree
 
Reported: 2015-09-30 07:03 UTC by Agostino Sarubbo
Modified: 2017-01-09 17:01 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-09-30 07:03:26 UTC 
From ${URL} :

We found a DoS using a crafted tiff file that causes a OOM kill in low memory
system (usually less than 3GB). This was tested in Ubuntu 14.04 (64bit) but the
issue exists even in the CVS libtiff version. Please find attached the
compressed test case (otherwise it can kill my browser since gdk-pixbuf is
loading tiff files in the preview dialog!). You can test it executing:

$ tiffdither oom.tif /dev/null

If you run it with ltrace, you can see some very large reallocs:

libtiff.so.5->realloc(0, 1636178024)
             = 0x7f71a42b6010
libtiff.so.5->realloc(0, 1636178024)
             = 0x7f7142a54010

Upstream was notified but there is still no fix.



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-09 16:20:26 UTC 
Added to existing GLSA request.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-01-09 17:01:03 UTC 
This issue was resolved and addressed in
 GLSA 201701-16 at https://security.gentoo.org/glsa/201701-16
by GLSA coordinator Thomas Deutschmann (whissi).