Ubuntu

CAN-2004-0803, CAN-2004-0890: Multiple vulnerabilities in libtiff

Reported by Matt Zimmerman on 2004-10-13
4
Affects Status Importance Assigned to Milestone
tiff (Ubuntu)
Critical
Fabio Massimo Di Nitto

Bug Description

Some of the bugs are covered by an advisory from Chris Evans which should appear
here: http://scary.beasts.org/security/CESA-2004-006.txt

However, there are several different bugs of different types, noticed by
different parties at different times, so there is some work to be done to ensure
that we have all of the patches that we need. I'm investigating.

Matt Zimmerman (mdz) wrote :

Created an attachment (id=472)
Patch #1

Matt Zimmerman (mdz) wrote :

Created an attachment (id=473)
Patch #2

Matt Zimmerman (mdz) wrote :

Created an attachment (id=474)
Patch #3

Matt Zimmerman (mdz) wrote :

Patches #1-3 should provide all of the needed fixes for tiff 3.6.1.

Here are some test images which demonstrate the problems, provided by Chris
Evans and Dmitry V. Levin. Note that in some cases, the result is subtle memory
corruption, and these images may not trigger an immediate crash.

http://scary.beasts.org/misc/bad_next.tiff
http://scary.beasts.org/misc/bad_thunder.tiff
ftp://ftp.altlinux.org/pvt/people/ldv/scanline-16384x8x32768.tiff

Ok I take it. If somebody is faster than me just go ahead ;)

Fixed with tiff_3.6.1-1.1ubuntu1 upload.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.