Date: Fri, 09 Aug 2013 22:05:00 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Jan Lieskovsky <jlieskov@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org>, Pedro Ribeiro <pedrib@...il.com>, Frank Warmerdam <warmerdam@...ox.com> Subject: Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/08/2013 12:06 PM, Jan Lieskovsky wrote: > Hello vendors, > > since Kurt asked for it, below is the summary of the issues. > >> >> Hello Kurt, Steve, vendors, >> >> Pedro Ribeiro has recently reported the following five security >> flaws being present in the tools of TIFF library:  >> http://www.asmail.be/msg0055359936.html > > * Issue #1 (tools/gif2tiff.c): Stack-based buffer overflow in the > gif2tiff tool when reading GIF extension block on crafted GIF > image * Issue #2 (tools/gif2tiff.c): Stack-based buffer overflow in > the gif2tiff tool when decoding a GIF raster image * Issue #3 > (tools/gif2tiff.c): Stack-based buffer overflow in the gif2tiff > tool when decoding a GIF raster image (same routine like in case > #2, just different line code) * Issue #4 (tools/tiff2pdf.c): Use > after free in tiff2pdf tool when reading TIFF file raster image > data and writing them to the output PDF XObject's image dictionary > stream * Issue #5 (tools/rgb2ycbcr.c): Stack-based buffer overflow > in the rgb2ycbcr tool when performing RGBA to YCbCr conversion > (converting non-YCbCr TIFF image to a YCbCr one) when processing > crafted rasted date of provided TIFF image file > > Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat > Security Response Team CVE MERGE'ing all the stack based buffer overflows into a single CVE. CVE-2013-4231 libtiff v4.0.3 Stack-based buffer overflow (4 in total) CVE-2013-4232 libtiff v4.0.3 use after free - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJSBbvrAAoJEBYNRVNeJnmTEzsP/0rhpyNeTtLiW5eV620dGj8Z WFvNDMV+V1a1LnqxFmAl00Lcp/6o8CdZLIuNOCMS22jGAK56W32lNYGMtNCSUytj nJNybYkF08mFkVtttVdXcV8ftMEStEEEelYRF+xotsrVFRi31bf5YgnQLkDpB2MM 1IGBiQ7wAkOIRCxrvR6lcL/7LlcfPKwqK1z02dFWMlS/nhANuTOdkct+Ea9MWp6a iPKM5o/nnHAbeM5WRPsG5DQ+c99dJiEv/L9nW/+J8NbFwHlHshKRL1uvthernV4l Xd/VhcPH+0VpX2kT8bB3DjEbxiAPQGHGLlFbxT0dNy5SJ9BsboeFRVUZpBazyvxa 88ygSemgwdbPAiUpcP7cZWtj5b3IN0tlHl7tejGzyyVXcw3pQtz0nQ+A5XA8Tb/E SBuoubOYKlJRctqqsPQQNAlncuXGPoZ1Fbt8nt9qvtR55wv8GVYzfx1XMu8+lFis MYQFA8o8JUzaTe5Q8H3a7/G79nKveTK/0Fd7evow/wiq+7PYSR1ntPJ85QP2kav8 F8cKz3+IdBknHNQ0Sdw6aJ7jF6t5PpmEHBtzVT8ZHf5U8YQRbE5yNJBPDbcfpfRq 41dCuKxDfc7SeTdpyF0Xz2jvIbdhOxj1Owq4IIfEgauNbGzX8q5MvEuIdwp7IFwT ywg3WrIBvjYxPw9SJfDu =k4i3 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.