Bug 143576

Summary: libtiff integer overflow.
Product: [Fedora] Fedora
Reporter: Josh Bressers <bressers>
Component: libtiff
Assignee: Matthias Clasen <mclasen>
Status: CLOSED CURRENTRELEASE
Severity: low
Priority: medium
Version: 3
CC: deisenst, security-response-team
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: impact=low,embargoed=20060101
Doc Type: Bug Fix
Last Closed: 2005-01-19 14:49:21 UTC
Attachments: Demo exploit image. (Flags: none)

Description Josh Bressers 2004-12-22 15:31:33 UTC
Dmitry V. Levin has reported to vendor-sec an issue with tiffdump.
The issue appears to be an integer overflow which could lead to a
buffer overflow.

There is no patch yet.  More work is being done on this issue.  I'll
post more information when it's available.

This issue should also affect FC2

Comment 1 Josh Bressers 2004-12-22 15:34:28 UTC
Created attachment 109026
Demo exploit image.

Comment 2 Josh Bressers 2005-01-05 14:21:11 UTC
Removing embargo

Comment 3 David Eisenstein 2005-01-15 11:38:05 UTC
Does this bugzilla entry relate to CVE CAN-2004-1183?

Has this issue been fixed by Fedora Update Notification
FEDORA-2005-597
<http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00023.html>
and
FEDORA-2005-598
<http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00024.html>?

Comment 4 Matthias Clasen 2005-01-19 14:49:21 UTC
Yes it does. If you look closely, the changelog mentions this bug.