Bug 440944 (CVE-2012-4564) - <media-libs/tiff-4.0.3-r2: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file (CVE-2012-4564)
Status: RESOLVED FIXED
Alias: CVE-2012-4564
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa]
Keywords:
Depends on: CVE-2013-1960
Blocks:
Reported: 2012-11-02 13:04 UTC by Agostino Sarubbo
Modified: 2014-02-21 15:40 UTC

Description Agostino Sarubbo gentoo-dev 2012-11-02 13:04:25 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=871700 :

A flaw was found in the way ppm2tiff, a tool to create a TIFF file from PPM, PGM and PBM image 
files, did not check the return value of TIFFScanlineSize() function. When TIFFScanlineSize 
encountered an integer-overflow and returned zero, this value was not checked. A remote attacker 
could provide a specially-crafted PPM image format file, that when processed by ppm2tiff would lead 
to ppm2tiff executable crash or, potentially, arbitrary code execution with the privileges of the 
user running the ppm2tiff binary.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-11-11 16:29:20 UTC
CVE-2012-4564 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4564):
  ppm2tiff does not check the return value of the TIFFScanlineSize function,
  which allows remote attackers to cause a denial of service (crash) and
  possibly execute arbitrary code via a crafted PPM image that triggers an
  integer overflow, a zero-memory allocation, and a heap-based buffer
  overflow.
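
The chain named in the description and in Comment 1 (integer overflow, a zero return value, a zero-size allocation, then a heap overflow) comes down to one missing check. The following is an added example, not code from libtiff, ppm2tiff or the Gentoo fix: `scanline_size`, `alloc_size_unchecked` and `alloc_row_checked` are hypothetical names, and the 32-bit signed size limit and the header values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a scanline-size routine (not libtiff code):
 * returns bytes per row, or 0 if the result does not fit a signed 32-bit
 * size. The product stays below 2^64, so the 64-bit math cannot wrap. */
static size_t scanline_size(uint32_t width, uint16_t samples, uint16_t bits)
{
    uint64_t row_bits = (uint64_t)width * samples * bits;
    uint64_t row_bytes = (row_bits + 7) / 8;
    if (row_bytes == 0 || row_bytes > INT32_MAX)
        return 0;
    return (size_t)row_bytes;
}

/* Unchecked pattern: the 0 error value is used directly as the malloc()
 * size. Returned here so the mismatch is visible; a caller that then
 * reads a full row into such a buffer writes past its end. */
static size_t alloc_size_unchecked(uint32_t w, uint16_t s, uint16_t b)
{
    return scanline_size(w, s, b);   /* may be 0, i.e. malloc(0) */
}

/* Checked pattern: treat 0 as an error before allocating or reading.
 * On success returns the buffer and stores its length in *len. */
static unsigned char *alloc_row_checked(uint32_t w, uint16_t s, uint16_t b,
                                        size_t *len)
{
    size_t n = scanline_size(w, s, b);
    if (n == 0)
        return NULL;                 /* reject oversized or empty rows */
    unsigned char *buf = malloc(n);
    if (buf != NULL)
        *len = n;
    return buf;
}

int main(void)
{
    size_t len = 0;
    unsigned char *ok = alloc_row_checked(640, 3, 8, &len);
    printf("640 px, 3 samples, 8 bits: %zu bytes\n", ok ? len : 0);
    free(ok);
    printf("unchecked size: %zu\n", alloc_size_unchecked(4000000000u, 3, 8));
    printf("checked: %s\n", alloc_row_checked(4000000000u, 3, 8, &len) ? "allocated" : "rejected");
    return 0;
}
```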
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-02-21 15:40:57 UTC
This issue was resolved and addressed in
 GLSA 201402-21 at http://security.gentoo.org/glsa/glsa-201402-21.xml
by GLSA coordinator Chris Reffett (creffett).