Bug 157698
Summary: CAN-2005-1544 LibTIFF TIFFOpen Buffer Overflow Vulnerability

| Field | Value | Field | Value |
|---|---|---|---|
| Product: | [Retired] Fedora Legacy | Reporter: | John Dalbec <jpdalbec> |
| Component: | libtiff | Assignee: | Fedora Legacy Bugs <bugs> |
| Status: | CLOSED WONTFIX | CC: | bugzilla.redhat |
| Severity: | medium | Keywords: | Reopened |
| Priority: | medium | Doc Type: | Bug Fix |
| Version: | unspecified | Last Closed: | 2007-09-04 00:18:07 UTC |
| Hardware: | i386 | OS: | Linux |
| URL: | http://www.securityfocus.com/advisories/8550 | | |
Description
John Dalbec
2005-05-13 21:02:48 UTC
this is CAN-2005-1544. we're going to have to fix all the other packages that include this libtiff code, too, again :( like CUPS, ghostscript, etc...

This issue only affects libtiff 3.7 and greater. We're not affected.

marc: are you sure? http://xforce.iss.net/xforce/xfdb/20533 says all 3.x versions before 3.7.2 are affected: "Sam Leffler: LibTIFF 3.x" and ubuntu patched their 3.6.x libtiff: http://www.ubuntulinux.org/support/documentation/usn/usn-130-1

I just took the info from bug #156980. The patch there doesn't seem to apply to libtiff from fc2...although I'm not sure that's even the right patch.

well should we reopen this until somebody has time to investigate further?

sure

05.31.22 CVE: Not Available
Platform: Cross Platform
Title: LibTiff Tiff Image Header Divide By Zero Denial of Service
Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is reported to be vulnerable to a denial of service issue due to improper sanitization of "YCBCr subsampling" value in TIFF image header. LibTIFF version 3.6.1 is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/14417

06.31.23 CVE: Not Available
Platform: Unix
Title: LibTIFF Next RLE Decoder Remote Heap Overflow
Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. The Next RLE Decoder for libTIFF is prone to a remote heap overflow vulnerability. This issue occurs because the application fails to check boundary conditions on certain RLE decoding operations.
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html

06.31.24 CVE: Not Available
Platform: Unix
Title: LibTIFF Sanity Checks Multiple Denial of Service Vulnerabilities
Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. LibTIFF is affected by multiple denial of service vulnerabilities. The vulnerabilities exist in multiple unspecified arithmetic operations that are not validated, including bounds-checking to ensure offsets in TIFF directories are valid. Also, various codepaths resulted in client application calling the abort() function.
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html

06.31.40 CVE: CVE-2006-3465
Platform: Cross Platform
Title: LibTIFF Library Anonymous Field Merging Denial of Service
Description: The LibTIFF library is a set of graphic handling routines for the Tag Image File Format. It is prone to a denial of service vulnerability. Fields with unexpected values can be produced by creating anonymous TIFF file fields, and merging them from information supplied by a codec.
Ref: http://www.securityfocus.com/bid/19287

06.31.42 CVE: CVE-2006-3459
Platform: Cross Platform
Title: LibTIFF TiffFetchShortPair Remote Buffer Overflow
Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is exposed to a buffer-overflow issue. This issue is due to improper boundary checks before copying user-supplied data into a finite sized buffer. The problem occurs in the "TIFFFetchShortPair()" function of "tif_dirread.c" file.
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html

06.31.43 CVE: CVE-2006-3463
Platform: Cross Platform
Title: LibTIFF EstimateStripByteCounts() Denial of Service
Description: LibTIFF is a library designed to facilitate the reading and manipulation of TIFF files. It is affected by a denial of service vulnerability, due to the "EstimateStripByteCounts()" function improperly handling the iteration of a 16 bit unsigned short over a 32 bit unsigned value, resulting in an infinite loop. Versions 3.8.2 and prior are reported as vulnerable.
Ref: http://www.securityfocus.com/bid/19284

06.31.44 CVE: CVE-2006-3460
Platform: Cross Platform
Title: LibTIFF TiffScanLineSize Remote Buffer Overflow
Description: LibTIFF is a library designed to facilitate the reading and manipulation of TIFF files. It is prone to a heap based buffer overflow vulnerability. The problem occurs in the jpeg decoder when the encoded jpeg stream may conflict with the data returned by TIFFScanLineSize() and TIFFReadScanline().
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html

06.31.45 CVE: Not Available
Platform: Cross Platform
Title: LibTIFF PixarLog Decoder Remote Heap Buffer Overflow
Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. The PixarLog Decoder for LibTIFF is prone to a remote heap overflow issue. All current versions are affected.
Ref: http://www.securityfocus.com/bid/19290

REOPENED status has been deprecated. ASSIGNED with keyword of Reopened is preferred.

Fedora Legacy project is closed. This issue will not be fixed by Fedora Legacy.
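
The bug class described in entry 06.31.43 above (a 16-bit counter iterating toward a 32-bit bound), shown beside a corrected form. This is an added illustration, not LibTIFF source and not part of the original bug comments; the function names, `STEP_GUARD` and the `MAX_STRIPS` limit are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed guard so the demonstration halts instead of spinning forever. */
#define STEP_GUARD 200000UL
/* Assumed sanity limit on a strip count read from an untrusted file. */
#define MAX_STRIPS (1UL << 20)

/* Flawed pattern: 16-bit counter compared against a 32-bit bound.
 * Returns the number of iterations, or -1 when the guard shows the
 * loop would never terminate on its own. */
long walk_strips_u16(uint32_t nstrips)
{
    unsigned long steps = 0;
    uint16_t i;

    for (i = 0; i < nstrips; i++) {   /* i wraps from 65535 back to 0 */
        if (++steps > STEP_GUARD)
            return -1;
    }
    return (long)steps;
}

/* Corrected pattern: the counter is as wide as the bound, and the bound
 * is validated before use. Returns iterations, or -2 if rejected. */
long walk_strips_u32(uint32_t nstrips)
{
    unsigned long steps = 0;
    uint32_t i;

    if (nstrips > MAX_STRIPS)
        return -2;
    for (i = 0; i < nstrips; i++)
        steps++;
    return (long)steps;
}

int main(void)
{
    printf("u16, 1000 strips:  %ld\n", walk_strips_u16(1000));
    printf("u16, 65536 strips: %ld\n", walk_strips_u16(65536));
    printf("u32, 70000 strips: %ld\n", walk_strips_u32(70000));
    printf("u32, 0xFFFFFFFF:   %ld\n", walk_strips_u32(0xFFFFFFFFu));
    return 0;
}
```

Any count of 65536 or more can never be reached by the 16-bit counter, so the loop condition stays true; counts up to 65535 terminate normally, which is why such a bug passes testing on well-formed files.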