tiff2ps crashed with SIGSEGV in TIFFReadScanline()
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tiff (Debian) |
Fix Released
|
Unknown
|
|||
tiff (Ubuntu) |
Fix Released
|
Medium
|
Kees Cook | ||
Dapper |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Hardy |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Intrepid |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Jaunty |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Karmic |
Fix Released
|
Medium
|
Kees Cook |
Bug Description
dekar@dekar-
Description: Ubuntu 8.10
Release: 8.10
dekar@dekar-
libtiff4:
Installed: 3.8.2-11
Candidate: 3.8.2-11
Version table:
*** 3.8.2-11 0
500 http://
100 /var/lib/
It crashes my Jaunty and my Lenny system as well!
The file has recently been used by hackers to run unsigned code on the Sony PSP console (it also uses libtiff) so it is likely to allow code execution on Ubuntu as well. The PSP has a MIPS CPU so the file I uploaded shouldn't do any harm to a normal x86er system (except the crash) - though I don't guarantee anything ;)
To try the exploit simply extract it to a folder and wait till Nautilus tries to generate a thumbnail. It even crashed my Firefox when I tried to upload it uncompressed.
Changed in debian: | |
status: | New → Confirmed |
summary: |
- Tiff exploit crashes libtiff and applications using it. Code execution - is most likely possible! + PSP tiff exploit crashes libtiff4 |
Changed in tiff (Ubuntu Dapper): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in tiff (Ubuntu Hardy): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in tiff (Ubuntu Intrepid): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in tiff (Ubuntu Jaunty): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
assignee: | nobody → Jamie Strandboge (jdstrand) |
affects: | debian → tiff (Debian) |
Changed in tiff (Debian): | |
importance: | Undecided → Unknown |
status: | Confirmed → Unknown |
Changed in tiff (Ubuntu Karmic): | |
assignee: | Jamie Strandboge (jdstrand) → Kees Cook (kees) |
status: | Confirmed → Fix Committed |
Changed in tiff (Debian): | |
status: | Unknown → New |
security vulnerability: | yes → no |
Changed in tiff (Ubuntu Dapper): | |
status: | Confirmed → Fix Released |
Changed in tiff (Debian): | |
status: | New → Fix Released |
also crashes Konqueror