Bug 143576 - libtiff integer overflow.
Summary: libtiff integer overflow.
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: libtiff
Version: 3
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Matthias Clasen
QA Contact:
URL:
Whiteboard: impact=low,embargoed=20060101
Keywords: Security
Depends On:
Blocks:
Reported: 2004-12-22 15:31 UTC by Josh Bressers
Modified: 2007-11-30 22:10 UTC (History)
Clone Of:
Last Closed: 2005-01-19 14:49:21 UTC


Attachments
Demo exploit image. (268 bytes, image/tiff)
2004-12-22 15:34 UTC, Josh Bressers

Description Josh Bressers 2004-12-22 15:31:33 UTC
Dmitry V. Levin has reported to vendor-sec an issue with tiffdump.
The issue appears to be an integer overflow which could lead to a
buffer overflow.

There is no patch yet.  More work is being done on this issue.  I'll
post more information when it's available.

This issue should also affect FC2

Comment 1 Josh Bressers 2004-12-22 15:34:28 UTC
Created attachment 109026
Demo exploit image.

Comment 2 Josh Bressers 2005-01-05 14:21:11 UTC
Removing embargo

Comment 3 David Eisenstein 2005-01-15 11:38:05 UTC
Does this bugzilla entry relate to CVE CAN-2004-1183?

Has this issue been fixed by Fedora Update Notification
FEDORA-2005-597
<http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00023.html>
and
FEDORA-2005-598
<http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00024.html>?


Comment 4 Matthias Clasen 2005-01-19 14:49:21 UTC
Yes it does. If you look closely, the changelog mentions this bug.

