Bug 678956 (CVE-2011-0191)

Summary: CVE-2011-0191 libtiff: buffer overflow in JPEGDecode
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: security-response-team, tgl
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-02-22 08:33:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Huzaifa S. Sidhpurwala 2011-02-21 04:47:08 UTC 
A heap-based buffer overflow was found in the way TIFF (Tagged Image File
Format) image files manipulating library parsed certain malformed tiff files.
This can be triggered only if libtiff is compiled with JPEG.

If an attacker created a specially-crafted image file and tricked a local, 
unsuspecting user into loading the image file in an application that uses 
the TIFF image manipulating library, it could cause that application to 
crash or, potentially, execute arbitrary code with the privileges of 
the user running the application.
Comment 3 Huzaifa S. Sidhpurwala 2011-02-21 06:01:55 UTC 
Note:
This bug does not affect the version of libtiff 3.8.X shipped with rhel-5 because libtiff is patched with libtiff-jpeg-scanline.patch, which mitigates the patch.

Upstream bug link:
http://bugzilla.maptools.org/show_bug.cgi?id=1936
Comment 5 Huzaifa S. Sidhpurwala 2011-02-22 07:21:26 UTC 
Statement:

Not vulnerable. This issue did not affect the versions of libtiff as
shipped with Red Hat Enterprise Linux 4, 5, or 6.