Date: Wed, 13 Oct 2004 16:45:13 +0200
From: Thierry Carrez <koon@gentoo.org>
To: gentoo-announce@gentoo.org
Subject: [ GLSA 200410-11 ] tiff: Buffer overflows in image decoding
Cc: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com,
security-alerts@linuxsecurity.com
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig77A9C45D30841683A1E60C7E
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200410-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: tiff: Buffer overflows in image decoding
Date: October 13, 2004
ID: 200410-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple heap-based overflows have been found in the tiff library image
decoding routines, potentially allowing to execute arbitrary code with
the rights of the user viewing a malicious image.
Background
==========
The tiff library contains encoding and decoding routines for the Tag
Image File Format. It is called by numerous programs, including GNOME
and KDE, to help in displaying TIFF images. xv is a multi-format image
manipulation utility that is statically linked to the tiff library.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/tiff < 3.6.1-r2 >= 3.6.1-r2
2 media-gfx/xv <= 3.10a-r7 >= 3.10a-r8
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------
Description
===========
Chris Evans found heap-based overflows in RLE decoding routines in
tif_next.c, tif_thunder.c and potentially tif_luv.c.
Impact
======
A remote attacker could entice a user to view a carefully crafted TIFF
image file, which would potentially lead to execution of arbitrary code
with the rights of the user viewing the image. This affects any program
that makes use of the tiff library, including GNOME and KDE web
browsers or mail readers.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All tiff library users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=media-libs/tiff-3.6.1-r2"
# emerge ">=media-libs/tiff-3.6.1-r2"
xv makes use of the tiff library and needs to be recompiled to receive
the new patched version of the library. All xv users should also
upgrade to the latest version:
# emerge sync
# emerge -pv ">=media-gfx/xv-3.10a-r8"
# emerge ">=media-gfx/xv-3.10a-r8"
References
==========
[ 1 ] CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200410-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/1.0
--------------enig77A9C45D30841683A1E60C7E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBbT9/vcL1obalX08RAjEpAJ9ZGFVR5am2n014FGPqDGqY8yz+tgCfX8YO
yyESfI+5aFrut8VfGWE5oHc=
=2IQA
-----END PGP SIGNATURE-----
--------------enig77A9C45D30841683A1E60C7E--
