Bug 1185817 (CVE-2014-8130)

Summary: CVE-2014-8130 libtiff: divide by zero in the tiffdither tool
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: mhradile, phracek, sisharma
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 02:38:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1299918, 1299919, 1299920, 1299921, 1335098, 1335099    
Bug Blocks: 1174883    

Description Vasyl Kaigorodov 2015-01-26 11:13:10 UTC
Divide by zero was reported in the libtiff tiffdither tool:

- CVE-2014-8130 libtiff: Divide By Zero in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2483

The above upstream bug was fixed by one of the commits that fix CVE-2014-8127 / CVE-2014-8128 / CVE-2014-8129

Comment 1 Siddharth Sharma 2015-03-26 06:58:52 UTC
Patch
=====

https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543


libtiff/tif_unix.c
 @@ -257,6 +257,9 @@ TIFFOpenW(const wchar_t* name, const char* mode)
 void*
 _TIFFmalloc(tmsize_t s)
 {
+        if (s == 0)
+                return ((void *) NULL);
+
 	return (malloc((size_t) s));
 }
 
above patch seems to suppresses this flaw

Comment 2 Siddharth Sharma 2015-06-01 11:56:57 UTC
Statement:

Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libtiff.

Comment 7 errata-xmlrpc 2016-08-02 16:40:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:1547 https://rhn.redhat.com/errata/RHSA-2016-1547.html

Comment 8 errata-xmlrpc 2016-08-02 16:59:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1546 https://rhn.redhat.com/errata/RHSA-2016-1546.html