Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 628464 (CVE-2017-12944) - <media-libs/tiff-4.0.9: denial of service during a tiff2pdf invocation. (CVE-2017-12944)
Summary: <media-libs/tiff-4.0.9: denial of service during a tiff2pdf invocation. (CVE-...
Status: RESOLVED FIXED
Alias: CVE-2017-12944
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-21 06:16 UTC by Aleksandr Wagner (Kivak)
Modified: 2019-03-26 18:32 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleksandr Wagner (Kivak) 2017-08-21 06:16:03 UTC
CVE-2017-12944 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12944):

The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. 

References:

http://bugzilla.maptools.org/show_bug.cgi?id=2725

Note:

https://github.com/vadz/libtiff/commit/dc02f9050311a90b3c0655147cee09bfa7081cfc commit fixes the issue in TIFFFetchStripThing however the issue is still present in t2p_readwrite_pdf_image_tile.
Comment 1 Andreas Sturmlechner gentoo-dev 2018-09-18 15:50:41 UTC
This is already dealt with, at least SLOT 0 is clean. No idea about SLOT 3.
Comment 2 D'juan McDonald (domhnall) 2018-11-16 00:33:47 UTC
Package already cleaned from tree: 

Keywords for media-libs/tiff: commit ebfefcea
         |                           a     |       |  
         |                           m     |       |  
         |                           d   x |       |  
         |                           6   8 |       |  
         |                           4   6 |   u   |  
         | a a   a     p           s |   | |   n   |  
         | l m   r i   p   h m s   p f m f | e u s | r
         | p d a m a p c x p 6 3   a b i b | a s l | e
         | h 6 r 6 6 p 6 8 p 8 9 s r s p s | p e o | p
         | a 4 m 4 4 c 4 6 a k 0 h c d s d | i d t | o
---------+---------------------------------+-------+-------
3.9.7-r1 | ~ + ~ + ~ ~ ~ + ~ + + + ~ o ~ ~ | 5 o 3 | gentoo
---------+---------------------------------+-------+-------
4.0.9-r4 | + + + + + + + + + + + + + ~ ~ ~ | 7 o 0 | gentoo
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2019-03-26 18:32:11 UTC
TIFFReadDirEntryArray() is not present in the 3.x code.  Tree is secure.