Date: Fri, 09 Aug 2013 22:05:00 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Jan Lieskovsky <jlieskov@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org>, Pedro Ribeiro <pedrib@...il.com>, Frank Warmerdam <warmerdam@...ox.com> Subject: Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/08/2013 12:06 PM, Jan Lieskovsky wrote: > Hello vendors, > > since Kurt asked for it, below is the summary of the issues. > >> >> Hello Kurt, Steve, vendors, >> >> Pedro Ribeiro has recently reported the following five security >> flaws being present in the tools of TIFF library:  >> http://www.asmail.be/msg0055359936.html > > * Issue #1 (tools/gif2tiff.c): Stack-based buffer overflow in the > gif2tiff tool when reading GIF extension block on crafted GIF > image * Issue #2 (tools/gif2tiff.c): Stack-based buffer overflow in > the gif2tiff tool when decoding a GIF raster image * Issue #3 > (tools/gif2tiff.c): Stack-based buffer overflow in the gif2tiff > tool when decoding a GIF raster image (same routine like in case > #2, just different line code) * Issue #4 (tools/tiff2pdf.c): Use > after free in tiff2pdf tool when reading TIFF file raster image > data and writing them to the output PDF XObject's image dictionary > stream * Issue #5 (tools/rgb2ycbcr.c): Stack-based buffer overflow > in the rgb2ycbcr tool when performing RGBA to YCbCr conversion > (converting non-YCbCr TIFF image to a YCbCr one) when processing > crafted rasted date of provided TIFF image file > > Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat > Security Response Team CVE MERGE'ing all the stack based buffer overflows into a single CVE. CVE-2013-4231 libtiff v4.0.3 Stack-based buffer overflow (4 in total) CVE-2013-4232 libtiff v4.0.3 use after free - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJSBbvrAAoJEBYNRVNeJnmTEzsP/0rhpyNeTtLiW5eV620dGj8Z WFvNDMV+V1a1LnqxFmAl00Lcp/6o8CdZLIuNOCMS22jGAK56W32lNYGMtNCSUytj nJNybYkF08mFkVtttVdXcV8ftMEStEEEelYRF+xotsrVFRi31bf5YgnQLkDpB2MM 1IGBiQ7wAkOIRCxrvR6lcL/7LlcfPKwqK1z02dFWMlS/nhANuTOdkct+Ea9MWp6a iPKM5o/nnHAbeM5WRPsG5DQ+c99dJiEv/L9nW/+J8NbFwHlHshKRL1uvthernV4l Xd/VhcPH+0VpX2kT8bB3DjEbxiAPQGHGLlFbxT0dNy5SJ9BsboeFRVUZpBazyvxa 88ygSemgwdbPAiUpcP7cZWtj5b3IN0tlHl7tejGzyyVXcw3pQtz0nQ+A5XA8Tb/E SBuoubOYKlJRctqqsPQQNAlncuXGPoZ1Fbt8nt9qvtR55wv8GVYzfx1XMu8+lFis MYQFA8o8JUzaTe5Q8H3a7/G79nKveTK/0Fd7evow/wiq+7PYSR1ntPJ85QP2kav8 F8cKz3+IdBknHNQ0Sdw6aJ7jF6t5PpmEHBtzVT8ZHf5U8YQRbE5yNJBPDbcfpfRq 41dCuKxDfc7SeTdpyF0Xz2jvIbdhOxj1Owq4IIfEgauNbGzX8q5MvEuIdwp7IFwT ywg3WrIBvjYxPw9SJfDu =k4i3 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ