Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 28 Apr 2006 11:39:34 -0300
From:      Marcus Alves Grando <mnag@FreeBSD.org>
To:        freebsd-emulation@FreeBSD.org
Subject:   [Fwd: [SA19838] LibTIFF Multiple Vulnerabilities]
Message-ID:  <44522926.7050400@FreeBSD.org>

next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can someone update graphics/linux-tiff to fix this issue?

Thanks

- -------- Original Message --------
Subject: [SA19838] LibTIFF Multiple Vulnerabilities
Date: 28 Apr 2006 09:33:52 -0000
From: Secunia Security Advisories <sec-adv@secunia.com>
To: marcus@corp.grupos.com.br


TITLE:
LibTIFF Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA19838

VERIFY ADVISORY:
http://secunia.com/advisories/19838/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
- From remote

SOFTWARE:
LibTIFF 3.x
http://secunia.com/product/4053/

DESCRIPTION:
Tavis Ormandy has reported some vulnerabilities in LibTIFF, which can
be exploited by malicious people to cause a DoS (Denial of Service)
and potentially to compromise a user's system.

1) Several unspecified errors in the "TIFFFetchAnyArray()" function
and in the cleanup functions can be exploited to crash an application
linked against LibTIFF when a specially crafted TIFF image is
processed.

2) An integer overflow error in the "TIFFFetchData()" function in
tif_dirread.c can be exploited to crash an application linked against
LibTIFF and may allow arbitrary code execution when a specially
crafted TIFF image is processed.

3) A double free error in tif_jpeg.c within the setfield/getfield
methods in the cleanup functions can be exploited to crash an
application linked against LibTIFF and may allow arbitrary code
execution when a specially crafted TIFF image is processed.

The vulnerabilities have been reported in version 3.8.0. Prior
versions may also be affected.

SOLUTION:
Update to version 3.8.1 or later.
http://www.remotesensing.org/libtiff/

PROVIDED AND/OR DISCOVERED BY:
Tavis Ormandy

ORIGINAL ADVISORY:
http://www.remotesensing.org/libtiff/v3.8.1.html
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933

- ----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

- ----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=marcus%40corp.grupos.com.br

- ----------------------------------------------------------------------

- --
Marcus Alves Grando
FreeBSD Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEUikli+5fOs3MJz8RAsNfAJ4uUn8CCjpAVTeBPUTbqKf4HfqumgCfXZd+
EsvaV6xjmgla8V9bvO4r2ks=
=KkmQ
-----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44522926.7050400>