Bug 157698 - CAN-2005-1544 LibTIFF TIFFOpen Buffer Overflow Vulnerability
CAN-2005-1544 LibTIFF TIFFOpen Buffer Overflow Vulnerability
Status: CLOSED WONTFIX
Product: Fedora Legacy
Classification: Retired
Component: libtiff (Show other bugs)
unspecified
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://www.securityfocus.com/advisori...
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-05-13 17:02 EDT by John Dalbec
Modified: 2007-09-03 20:18 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-03 20:18:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Dalbec 2005-05-13 17:02:48 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)

Description of problem:
05.19.26 CVE: Not Available
Platform: Cross Platform
Title: LibTIFF TIFFOpen Buffer Overflow Vulnerability
Description: LibTIFF is a library designed to facilitate the reading
and manipulation of Tag Image File Format (TIFF) files. It is prone to
a stack-based buffer overflow vulnerability in the TIFFOpen() function
when a malformed TIFF file with too many values in the BitsPerSample
tag is viewed by an application that calls the vulnerable library. An
attacker may leverage this issue to run arbitrary code in the security
context of the vulnerable application. LibTIFF versions 3.7.1 and
earlier are vulnerable.
Ref: http://www.securityfocus.com/advisories/8550 

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 Marc Bejarano 2005-08-17 17:39:02 EDT
this is CAN-2005-1544.  we're going to have to fix all the other packages that
include this libtiff code, too, again :(  like CUPS, ghostscript, etc...
Comment 2 Marc Deslauriers 2005-08-17 18:38:37 EDT
This issue only affects libtiff 3.7 and greater. We're not affected.
Comment 3 Marc Bejarano 2005-08-17 21:19:39 EDT
marc: are you sure?

http://xforce.iss.net/xforce/xfdb/20533 says all 3.x versions before 3.7.2 are
affected: "Sam Leffler: LibTIFF 3.x"

and ubuntu patched their 3.6.x libtiff:
http://www.ubuntulinux.org/support/documentation/usn/usn-130-1
Comment 4 Marc Deslauriers 2005-08-17 23:29:24 EDT
I just took the info from bug #156980. The patch there doesn't seem to apply to
libtiff from fc2...although I'm not sure that's even the right patch.
Comment 5 Marc Bejarano 2005-08-18 00:55:34 EDT
well should we reopen this until somebody has time to investigate further?
Comment 6 Marc Deslauriers 2005-08-18 08:21:48 EDT
sure
Comment 7 John Dalbec 2005-09-08 08:24:24 EDT
05.31.22 CVE: Not Available
Platform: Cross Platform
Title: LibTiff Tiff Image Header Divide By Zero Denial of Service
Description: LibTIFF is a library designed to facilitate the reading
and manipulation of Tag Image File Format (TIFF) files. It is reported
to be vulnerable to a denial of service issue due to improper
sanitization of "YCBCr subsampling" value in TIFF image header.
LibTIFF version 3.6.1 is reported to be vulnerable.
Ref: http://www.securityfocus.com/bid/14417 
Comment 8 John Dalbec 2006-08-08 16:32:34 EDT
06.31.23 CVE: Not Available
Platform: Unix
Title: LibTIFF Next RLE Decoder Remote Heap Overflow
Description: LibTIFF is a library designed to facilitate the reading
and manipulation of Tag Image File Format (TIFF) files. The Next RLE
Decoder for libTIFprone to a remote heap overflow vulnerability. This
issue occurs because the application fails to check boundary
conditions on certian RLE decoding operations.
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html

06.31.24 CVE: Not Available
Platform: Unix
Title: LibTIFF Sanity Checks Multiple Denial of Service
Vulnerabilities
Description: LibTIFF is a library designed to facilitate the reading
and manipulation of Tag Image File Format (TIFF) files. LibTIFF is
affected by multiple denial of service vulnerabilities. The
vulnerabilities exist in multiple unspecified arithmetic operations
that are not validated, including bounds-checking to ensure offsets in
TIFF directories are valid. Also, various codepaths resulted in client
application calling the abort() function.
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html
Comment 9 John Dalbec 2006-08-08 16:40:28 EDT
06.31.40 CVE: CVE-2006-3465
Platform: Cross Platform
Title: LibTIFF Library Anonymous Field Merging Denial of Service
Description: The LibTIFF library is a set of graphic handling routines
for the Tag Image File Format. It is prone to a denial of service
vulnerability. Fields with unexpected values can be produced by
creating anonymous TIFF file fields, and merging them from information
supplied by a codec.
Ref: http://www.securityfocus.com/bid/19287

06.31.42 CVE: CVE-2006-3459
Platform: Cross Platform
Title: LibTIFF TiffFetchShortPair Remote Buffer Overflow
Description: LibTIFF is a library designed to facilitate the reading
and manipulation of Tag Image File Format (TIFF) files. It is exposed
to a buffer-overflow issue. This issue is due to improper proper
boundary checks before copying user-supplied data into a finite sized
buffer. The problem occurs in the "TIFFFetchShortPair()" function of
"tif_dirread.c" file.
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html
______________________________________________________________________

06.31.43 CVE: CVE-2006-3463
Platform: Cross Platform
Title: LibTIFF EstimateStripByteCounts() Denial of Service
Description: LibTIFF is a library designed to facilitate the reading
and manipulation of TIFF files. It is affected by a denial of service
vulnerability, due to the "EstimateStripByteCounts()" function
improperly handling the iteration of a 16 bit unsigned short over a 32
bit unsigned value, resulting in an infinite loop. Versions 3.8.2 and
prior are reported as vulnerable.
Ref: http://www.securityfocus.com/bid/19284
______________________________________________________________________

06.31.44 CVE: CVE-2006-3460
Platform: Cross Platform
Title: LibTIFF TiffScanLineSize Remote Buffer Overflow
Description: LibTIFF is a library designed to facilitate the reading
and manipulation of TIFF files. It is prone to a heap based buffer
overflow vulnerability. The problem occurs in the jpeg decoder when
the encoded jpeg stream may conflict with the data returned by
TIFFScanLineSize() and TIFFReadScanline().
Ref: http://rhn.redhat.com/errata/RHSA-2006-0603.html
______________________________________________________________________

06.31.45 CVE: Not Available
Platform: Cross Platform
Title: LibTIFF PixarLog Decoder Remote Heap Buffer Overflow
Description: LibTIFF is a library designed to facilitate the reading
and manipulation of Tag Image File Format (TIFF) files. The PixarLog
Decoder for LibTIFF is prone to a remote heap overflow issue. All
current versions are affected.
Ref: http://www.securityfocus.com/bid/19290
Comment 10 Red Hat Bugzilla 2007-02-05 14:22:02 EST
REOPENED status has been deprecated. ASSIGNED with keyword of Reopened is preferred.
Comment 11 David Eisenstein 2007-09-03 20:18:07 EDT
Fedora Legacy project is closed.  This issue will not be fixed by Fedora Legacy.

Note You need to log in before you can comment on or make changes to this bug.