Bug 996468 (CVE-2013-4244) - CVE-2013-4244 libtiff (gif2tiff): OOB Write in LZW decompressor
Summary: CVE-2013-4244 libtiff (gif2tiff): OOB Write in LZW decompressor
Status: CLOSED ERRATA
Alias: CVE-2013-4244
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20130814,repor...
Keywords: Security
Depends On: 996827 996832 996833 1063460 1063461 1063464 1063465
Blocks: 994449
TreeView+ depends on / blocked
 
Reported: 2013-08-13 08:29 UTC by Huzaifa S. Sidhpurwala
Modified: 2019-06-08 19:41 UTC (History)
4 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2014-02-27 19:24:16 UTC


Attachments (Terms of Use)
Proposed patch (363 bytes, patch)
2013-08-14 04:27 UTC, Huzaifa S. Sidhpurwala
no flags Details | Diff
Proposed patch (unified) (566 bytes, patch)
2013-08-14 04:28 UTC, Huzaifa S. Sidhpurwala
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:0222 normal SHIPPED_LIVE Moderate: libtiff security update 2014-02-27 23:33:36 UTC
Red Hat Product Errata RHSA-2014:0223 normal SHIPPED_LIVE Moderate: libtiff security update 2014-02-27 23:33:30 UTC

Description Huzaifa S. Sidhpurwala 2013-08-13 08:29:55 UTC
An OOB Write was found in the LZW decompressor used in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted GIF file that, when processed by gif2tiff, would cause gif2tiff to crash or, potentially, execute arbitrary code with the privileges of the user running gif2tiff.

Comment 2 Huzaifa S. Sidhpurwala 2013-08-14 04:27:41 UTC
Created attachment 786398 [details]
Proposed patch

Comment 3 Huzaifa S. Sidhpurwala 2013-08-14 04:28:40 UTC
Created attachment 786399 [details]
Proposed patch (unified)

Comment 5 Huzaifa S. Sidhpurwala 2013-08-14 05:51:11 UTC
Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 996832]

Comment 6 Huzaifa S. Sidhpurwala 2013-08-14 05:51:16 UTC
Created mingw-libtiff tracking bugs for this issue:

Affects: fedora-all [bug 996833]

Comment 8 Huzaifa S. Sidhpurwala 2013-08-16 05:17:12 UTC
This issue was addressed in libtiff upstream CVS repo, via the following commit:

revision 1.14
date: 2013-08-14 13:59:17 +0000;  author: fwarmerdam;  state: Exp;  lines: +5 -1;  commitid: zanjJMEQdd22zq1x;
fix possible OOB write in gif2tiff.c

Comment 9 Fedora Update System 2013-09-07 01:25:51 UTC
libtiff-4.0.3-9.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2013-09-18 12:58:40 UTC
libtiff-4.0.3-9.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Murray McAllister 2014-02-11 05:29:59 UTC
Acknowledgements:

This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.

Comment 14 errata-xmlrpc 2014-02-27 18:35:04 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:0223 https://rhn.redhat.com/errata/RHSA-2014-0223.html

Comment 15 errata-xmlrpc 2014-02-27 18:35:53 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:0222 https://rhn.redhat.com/errata/RHSA-2014-0222.html

Comment 16 Vincent Danen 2014-02-27 19:24:16 UTC
Statement:

(none)


Note You need to log in before you can comment on or make changes to this bug.