189976 – CVE-2006-2120 libtiff DoS

Bug 189976 - CVE-2006-2120 libtiff DoS

Summary: CVE-2006-2120 libtiff DoS

Keywords:
Status:	CLOSED INSUFFICIENT_DATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libtiff
Sub Component:
Version:	5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tom Lane
QA Contact:
Docs Contact:
URL:
Whiteboard:	source=vendorsec,reported=20060426,pu...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-04-26 12:17 UTC by Josh Bressers
Modified:	2013-07-03 03:09 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-02-23 06:11:39 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2006-04-26 12:17:09 UTC

+++ This bug was initially created as a clone of Bug #189974 +++

A bug was fixed upstream where a malformed tiff image can cause libtiff to crash
due to an OOB memory read.

http://bugzilla.remotesensing.org/show_bug.cgi?id=1065

-- Additional comment from bressers on 2006-04-26 08:14 EST --
Created an attachment (id=128248)
Patch extracted from upstream CVS

Comment 1 Matthias Clasen 2006-04-27 17:53:32 UTC

patch is in libtiff-3.6.1-10 (RHEL4)

Comment 2 petrosyan 2008-02-23 06:11:39 UTC

Fedora Core 5 is no longer maintained.

Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.

Note You need to log in before you can comment on or make changes to this bug.