From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)

Description of problem:
05.19.26 CVE: Not Available
Platform: Cross Platform
Title: LibTIFF TIFFOpen Buffer Overflow Vulnerability
Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is prone to a stack-based buffer overflow vulnerability in the TIFFOpen() function when a malformed TIFF file with too many values in the BitsPerSample tag is viewed by an application that calls the vulnerable library. An attacker may leverage this issue to run arbitrary code in the security context of the vulnerable application. LibTIFF versions 3.7.1 and earlier are vulnerable.
Ref: http://www.securityfocus.com/advisories/8550

Version-Release number of selected component (if applicable):

How reproducible: Didn't try

Additional info:
This is CAN-2005-1544. We're going to have to fix all the other packages that include this libtiff code, too, again :( like CUPS, ghostscript, etc...
This issue only affects libtiff 3.7 and greater. We're not affected.
Marc: are you sure? http://xforce.iss.net/xforce/xfdb/20533 says all 3.x versions before 3.7.2 are affected: "Sam Leffler: LibTIFF 3.x" and Ubuntu patched their 3.6.x libtiff: http://www.ubuntulinux.org/support/documentation/usn/usn-130-1
I just took the info from bug #156980. The patch there doesn't seem to apply to libtiff from fc2...although I'm not sure that's even the right patch.
Well, should we reopen this until somebody has time to investigate further?
sure
05.31.22 CVE: Not Available
Platform: Cross Platform
Title: LibTiff Tiff Image Header Divide By Zero Denial of Service
Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is reported to be vulnerable to a denial of service issue due to improper sanitization of "YCBCr subsampling" value in TIFF image header. LibTIFF version 3.6.1 is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/14417
06.31.23 CVE: Not Available
Platform: Unix
Title: LibTIFF Next RLE Decoder Remote Heap Overflow
Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. The Next RLE Decoder for libTIFF is prone to a remote heap overflow vulnerability. This issue occurs because the application fails to check boundary conditions on certain RLE decoding operations.
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html

06.31.24 CVE: Not Available
Platform: Unix
Title: LibTIFF Sanity Checks Multiple Denial of Service Vulnerabilities
Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. LibTIFF is affected by multiple denial of service vulnerabilities. The vulnerabilities exist in multiple unspecified arithmetic operations that are not validated, including bounds-checking to ensure offsets in TIFF directories are valid. Also, various codepaths resulted in client application calling the abort() function.
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html
06.31.40 CVE: CVE-2006-3465
Platform: Cross Platform
Title: LibTIFF Library Anonymous Field Merging Denial of Service
Description: The LibTIFF library is a set of graphic handling routines for the Tag Image File Format. It is prone to a denial of service vulnerability. Fields with unexpected values can be produced by creating anonymous TIFF file fields, and merging them from information supplied by a codec.
Ref: http://www.securityfocus.com/bid/19287

06.31.42 CVE: CVE-2006-3459
Platform: Cross Platform
Title: LibTIFF TiffFetchShortPair Remote Buffer Overflow
Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is exposed to a buffer-overflow issue. This issue is due to improper boundary checks before copying user-supplied data into a finite sized buffer. The problem occurs in the "TIFFFetchShortPair()" function of "tif_dirread.c" file.
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html
______________________________________________________________________

06.31.43 CVE: CVE-2006-3463
Platform: Cross Platform
Title: LibTIFF EstimateStripByteCounts() Denial of Service
Description: LibTIFF is a library designed to facilitate the reading and manipulation of TIFF files. It is affected by a denial of service vulnerability, due to the "EstimateStripByteCounts()" function improperly handling the iteration of a 16 bit unsigned short over a 32 bit unsigned value, resulting in an infinite loop. Versions 3.8.2 and prior are reported as vulnerable.
Ref: http://www.securityfocus.com/bid/19284
______________________________________________________________________

06.31.44 CVE: CVE-2006-3460
Platform: Cross Platform
Title: LibTIFF TiffScanLineSize Remote Buffer Overflow
Description: LibTIFF is a library designed to facilitate the reading and manipulation of TIFF files. It is prone to a heap based buffer overflow vulnerability. The problem occurs in the jpeg decoder when the encoded jpeg stream may conflict with the data returned by TIFFScanLineSize() and TIFFReadScanline().
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html
______________________________________________________________________

06.31.45 CVE: Not Available
Platform: Cross Platform
Title: LibTIFF PixarLog Decoder Remote Heap Buffer Overflow
Description: LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. The PixarLog Decoder for LibTIFF is prone to a remote heap overflow issue. All current versions are affected.
Ref: http://www.securityfocus.com/bid/19290
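Added example (not part of the bug thread and not libtiff's own code): a small C model of the loop-width flaw described in entry 06.31.43, where a 16-bit index iterates toward a 32-bit strip count, next to a corrected loop that a reviewer can use when auditing similar code. The function names, the 8-byte strip layout and STEP_CAP are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define STEP_CAP 200000L /* demo guard: stop instead of hanging */

/* Flawed pattern: 16-bit index against a 32-bit count. Above 65535 strips the
 * index wraps to 0 and never reaches the bound. Returns steps, or -1 if the guard fired. */
long estimate_narrow(const uint32_t *off, uint32_t n, uint32_t filesize, uint32_t *bc)
{
    long steps = 0;
    for (uint16_t i = 0; i < n; i++) {
        if (++steps > STEP_CAP) return -1;
        bc[i] = ((i + 1u < n) ? off[i + 1u] : filesize) - off[i];
    }
    return steps;
}

/* Corrected pattern: index as wide as the count, and each strip's end checked
 * against its start. Returns steps, or -2 if an offset is out of order. */
long estimate_wide(const uint32_t *off, uint32_t n, uint32_t filesize, uint32_t *bc)
{
    long steps = 0;
    for (uint32_t i = 0; i < n; i++, steps++) {
        uint32_t end = (i + 1u < n) ? off[i + 1u] : filesize;
        if (end < off[i]) return -2;
        bc[i] = end - off[i];
    }
    return steps;
}

/* Constructed input: n strips of 8 bytes each, laid out back to back. */
long run_demo(uint32_t n, int wide)
{
    uint32_t *off = malloc(n * sizeof *off);
    uint32_t *bc = calloc(n, sizeof *bc);
    long r = -3; /* allocation failure */
    if (off && bc) {
        for (uint32_t i = 0; i < n; i++) off[i] = i * 8u;
        r = (wide ? estimate_wide : estimate_narrow)(off, n, n * 8u, bc);
    }
    free(off); free(bc);
    return r;
}

int main(void)
{
    printf("%ld %ld %ld\n", run_demo(1000, 0), run_demo(70000, 0), run_demo(70000, 1));
    return 0;
}
```

The narrow loop behaves correctly for small files, which is why this class of bug survives ordinary testing; it only shows up once the count taken from the file exceeds 65535.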
REOPENED status has been deprecated. ASSIGNED with keyword of Reopened is preferred.
Fedora Legacy project is closed. This issue will not be fixed by Fedora Legacy.