|
Message-ID: <5181E9D3.6000301@redhat.com> Date: Thu, 02 May 2013 09:51:39 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com Subject: Fwd: Two libtiff (tiff2pdf flaws) Re-sending -------- Original Message -------- Subject: Two libtiff (tiff2pdf flaws) Date: Thu, 02 May 2013 09:30:26 +0530 From: Huzaifa Sidhpurwala <huzaifas@...hat.com> To: oss-security@...ts.openwall.com Hi all, Two flaws were reported to us in tiff2pdf utility shipped with the libtiff library. Details as follows: 1. CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution A stack-based buffer overflow was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when malformed image-length and resolution values are used in the TIFF file. A remote attacker could provide a specially- crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952131 2. CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip() A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, in the tp_process_jpeg_strip() function. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952158 The enclosed bugs contains the relevant patches. -- Huzaifa Sidhpurwala / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.