Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 09 Aug 2013 22:05:00 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/08/2013 12:06 PM, Jan Lieskovsky wrote:
Hello vendors,

since Kurt asked for it, below is the summary of the issues.


Hello Kurt, Steve, vendors,

Pedro Ribeiro has recently reported the following five security 
flaws being present in the tools of TIFF library: [1]
http://www.asmail.be/msg0055359936.html

* Issue #1 (tools/gif2tiff.c): Stack-based buffer overflow in the
gif2tiff tool when reading GIF extension block on crafted GIF
image * Issue #2 (tools/gif2tiff.c): Stack-based buffer overflow in
the gif2tiff tool when decoding a GIF raster image * Issue #3
(tools/gif2tiff.c): Stack-based buffer overflow in the gif2tiff
tool when decoding a GIF raster image (same routine like in case
#2, just different line code) * Issue #4 (tools/tiff2pdf.c): Use
after free in tiff2pdf tool when reading TIFF file raster image
data and writing them to the output PDF XObject's image dictionary
stream * Issue #5 (tools/rgb2ycbcr.c): Stack-based buffer overflow
in the rgb2ycbcr tool when performing RGBA to YCbCr conversion
(converting non-YCbCr TIFF image to a YCbCr one) when processing
crafted rasted date of provided TIFF image file

Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
Security Response Team

CVE MERGE'ing all the stack based buffer overflows into a single CVE.

CVE-2013-4231 libtiff v4.0.3 Stack-based buffer overflow (4 in total)

CVE-2013-4232 libtiff v4.0.3 use after free

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJSBbvrAAoJEBYNRVNeJnmTEzsP/0rhpyNeTtLiW5eV620dGj8Z
WFvNDMV+V1a1LnqxFmAl00Lcp/6o8CdZLIuNOCMS22jGAK56W32lNYGMtNCSUytj
nJNybYkF08mFkVtttVdXcV8ftMEStEEEelYRF+xotsrVFRi31bf5YgnQLkDpB2MM
1IGBiQ7wAkOIRCxrvR6lcL/7LlcfPKwqK1z02dFWMlS/nhANuTOdkct+Ea9MWp6a
iPKM5o/nnHAbeM5WRPsG5DQ+c99dJiEv/L9nW/+J8NbFwHlHshKRL1uvthernV4l
Xd/VhcPH+0VpX2kT8bB3DjEbxiAPQGHGLlFbxT0dNy5SJ9BsboeFRVUZpBazyvxa
88ygSemgwdbPAiUpcP7cZWtj5b3IN0tlHl7tejGzyyVXcw3pQtz0nQ+A5XA8Tb/E
SBuoubOYKlJRctqqsPQQNAlncuXGPoZ1Fbt8nt9qvtR55wv8GVYzfx1XMu8+lFis
MYQFA8o8JUzaTe5Q8H3a7/G79nKveTK/0Fd7evow/wiq+7PYSR1ntPJ85QP2kav8
F8cKz3+IdBknHNQ0Sdw6aJ7jF6t5PpmEHBtzVT8ZHf5U8YQRbE5yNJBPDbcfpfRq
41dCuKxDfc7SeTdpyF0Xz2jvIbdhOxj1Owq4IIfEgauNbGzX8q5MvEuIdwp7IFwT
ywg3WrIBvjYxPw9SJfDu
=k4i3
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]