Bug 818117 - VUL-0: libtiff: CVE-2013-1961: Stack-based buffer overflow with malformed image-length and resolution
VUL-0: libtiff: CVE-2013-1961: Stack-based buffer overflow with malformed ima...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:running:52304:moderate maint:r...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-02 09:31 UTC by Alexander Bergmann
Modified: 2013-11-07 12:55 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2013-05-02 09:31:47 UTC
Public via oss-security:

Date: Thu, 02 May 2013 09:30:26 +0530
From: Huzaifa Sidhpurwala
Subject: [oss-security] Two libtiff (tiff2pdf flaws)

CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with
malformed image-length and resolution

A stack-based buffer overflow was found in the way tiff2pdf, a TIFF
image to a PDF document conversion tool, of libtiff, a library of
functions for manipulating TIFF (Tagged Image File Format) image format
files, performed write of TIFF image content into particular PDF
document file, when malformed image-length and resolution values are
used in the TIFF file. A remote attacker could provide a specially-
crafted TIFF image format file, that when processed by tiff2pdf would
lead to tiff2pdf executable crash.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952131

-----

This bug was previously tracked in bug#817573

Patches are available in bug#817573#c6 and bug#817573#c7.
Comment 1 Swamp Workflow Management 2013-05-02 22:00:08 UTC
bugbot adjusting priority
Comment 3 Petr Gajdos 2013-05-03 08:03:44 UTC
openSUSE: mr#174391
Comment 4 Petr Gajdos 2013-05-03 08:14:01 UTC
Reassigning to security team for future processing.

For details what patches I used, see 
https://bugzilla.novell.com/show_bug.cgi?id=817573#c15
Comment 5 Bernhard Wiedemann 2013-05-03 09:00:21 UTC
This is an autogenerated message for OBS integration:
This bug (818117) was mentioned in
https://build.opensuse.org/request/show/174392 Factory / tiff
Comment 7 Bernhard Wiedemann 2013-05-14 10:00:14 UTC
This is an autogenerated message for OBS integration:
This bug (818117) was mentioned in
https://build.opensuse.org/request/show/175544 Maintenance /
Comment 8 Swamp Workflow Management 2013-05-15 14:04:37 UTC
Update released for: libtiff, tiff
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 9 Swamp Workflow Management 2013-05-15 14:05:01 UTC
Update released for: libtiff-devel, libtiff-devel-32bit, libtiff3, libtiff3-32bit, tiff, tiff-debuginfo, tiff-debugsource
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 10 Swamp Workflow Management 2013-05-15 16:10:37 UTC
Update released for: libtiff, libtiff-32bit, libtiff-64bit, libtiff-devel, libtiff-devel-32bit, libtiff-devel-64bit, libtiff-x86, tiff, tiff-debuginfo
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 11 Swamp Workflow Management 2013-05-15 16:34:53 UTC
Update released for: libtiff-devel, libtiff-devel-32bit, libtiff3, libtiff3-32bit, libtiff3-x86, tiff, tiff-debuginfo, tiff-debugsource
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 12 Swamp Workflow Management 2013-05-15 17:04:49 UTC
Update released for: libtiff, libtiff-32bit, libtiff-devel, libtiff-devel-32bit, tiff, tiff-debuginfo
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 13 Bernhard Wiedemann 2013-05-20 04:00:24 UTC
This is an autogenerated message for OBS integration:
This bug (818117) was mentioned in
https://build.opensuse.org/request/show/176109 Evergreen:11.2 / tiff
Comment 14 Swamp Workflow Management 2013-05-21 14:04:40 UTC
openSUSE-SU-2013:0812-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 817573,818117
CVE References: CVE-2013-1960,CVE-2013-1961
Sources used:
openSUSE 12.1 (src):    tiff-3.9.5-8.17.1
Comment 15 Swamp Workflow Management 2013-05-21 15:04:48 UTC
openSUSE-SU-2013:0812-2: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 817573,818117
CVE References: CVE-2013-1960,CVE-2013-1961
Sources used:
openSUSE 12.2 (src):    tiff-4.0.2-1.16.1
Comment 16 Bernhard Wiedemann 2013-05-23 06:01:04 UTC
This is an autogenerated message for OBS integration:
This bug (818117) was mentioned in
https://build.opensuse.org/request/show/176384 Evergreen:11.2 / tiff
Comment 17 Swamp Workflow Management 2013-06-10 09:20:20 UTC
openSUSE-SU-2013:0922-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 817573,818117
CVE References: CVE-2013-1960,CVE-2013-1961
Sources used:
openSUSE 11.4 (src):    tiff-3.9.4-38.1
Comment 18 Swamp Workflow Management 2013-06-10 10:13:20 UTC
openSUSE-SU-2013:0944-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 817573,818117
CVE References: CVE-2013-1960,CVE-2013-1961
Sources used:
openSUSE 12.3 (src):    tiff-4.0.3-2.4.1
Comment 19 Marcus Meissner 2013-06-14 06:17:25 UTC
released stuff
Comment 20 Swamp Workflow Management 2013-11-07 12:55:18 UTC
Update released for: libtiff, libtiff-32bit, libtiff-devel, libtiff-devel-32bit, tiff, tiff-debuginfo
Products:
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)