143577 – CVE-2004-1183 libtiff: tiffdump integer overflow

Bug 143577 - CVE-2004-1183 libtiff: tiffdump integer overflow

Summary: CVE-2004-1183 libtiff: tiffdump integer overflow

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	libtiff
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Matthias Clasen
QA Contact:
Docs Contact:
URL:
Whiteboard:	impact=low,embargoed=20060101
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-12-22 15:33 UTC by Josh Bressers
Modified:	2008-08-12 11:46 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-01-13 13:21:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Proposed patch for this issue. (386 bytes, patch) 2005-01-04 14:19 UTC, Josh Bressers	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2005:019	0	normal	SHIPPED_LIVE	Important: libtiff security update	2005-01-13 05:00:00 UTC

Description Josh Bressers 2004-12-22 15:33:21 UTC

Dmitry V. Levin has reported to vendor-sec an issue with tiffdump.
The issue appears to be an integer overflow which could lead to a
buffer overflow.

There is no patch yet.  More work is being done on this issue.  I'll
post more information when it's available.

This issue should also affect RHEL2.1

Comment 1 Josh Bressers 2004-12-22 15:35:19 UTC

attachment 109026 [details]
contains a demo image file to exploit this issue.

Comment 2 Josh Bressers 2005-01-03 22:05:56 UTC

Can we get this update into RHSA-2004:698

This issue is sort of embargoed now.  It's not technically private,
but it seems vendors may be willing to hold off on updates for a bit.
 It seems additional work is not being done on this issue.

Comment 3 Josh Bressers 2005-01-04 14:19:00 UTC

Created attachment 109325 [details]
Proposed patch for this issue.

Comment 4 Matthias Clasen 2005-01-04 20:01:40 UTC

Build libtiff-3.5.5-19 (RHEL-2.1) and libtiff-3.5.7-22.el3 (RHEL3)
and updated RHSA-2005:019 (!)

Comment 5 Josh Bressers 2005-01-05 14:19:36 UTC

Lifting embargo.

Comment 6 Josh Bressers 2005-01-13 13:21:08 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-019.html

Note You need to log in before you can comment on or make changes to this bug.