| ||||||||||||||||
MeeGo alert MeeGo-SA-10:20 (libtiff)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== == MeeGo-SA-10:20.libtiff Security Advisory MeeGo Project Topic: Multiple Vulnerabilities in libtiff Category: Graphics Module: libtiff Announced: August 3, 2010 Affects: MeeGo 1.0 Corrected: August 3, 2010 MeeGo BID: 3623, 3626 & 3627 CVE: CVE-2010-2065, CVE-2010-2067, CVE-2010-2443 For general information regarding MeeGo Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://www.MeeGo.com/>. I. Background The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. II. Problem Description CVE-2010-2065: Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow. CVSS v2 Base: 6.8 (MEDIUM) Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism CVE-2010-2067: Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file. CVSS v2 Base: 6.8 (MEDIUM) Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism CVE-2010-2443: The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function. CVSS v2 Base: 5.0 (MEDIUM) Access Vector: Network exploitable III. Impact CVE-2010-2065: Denial of service or arbitrary code execution via numeric errors (CWE-189) CVE-2010-2067: Denial of service or arbitrary code execution via buffer errors (CWE-119) CVE-2010-2443: Denial of service. IV. Workaround None V. Solution Update to package libtiff-3.9.4-18.1 or later. VI. References http://bugs.meego.com/show_bug.cgi?id=3623 http://bugs.meego.com/show_bug.cgi?id=3626 http://bugs.meego.com/show_bug.cgi?id=3627 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-... http://cwe.mitre.org/data/definitions/189.html http://cwe.mitre.org/data/definitions/119.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.13 (Darwin) iQEcBAEBAgAGBQJMeEQMAAoJECxjfBlj7RcKCGAIAJRJxue9PLDrapf5Vblfy0t1 NVAewaAObdy3j8MmN1kJJtn4QUOkCyI6JBz5+X6+Hyd6/EbjHdnzZEPqYVWEwlFv CLlCqh0UA5QA4xSnYLEld0CxATtZTOHIhA7UYKZPHtqrHhtbpv95LSCxNVK5gIgj RbmRBGKxznDwYfeC/7qHKemIfobDyCSbBI11EwS0cX7XvdV1dX9PIyexhD3cuXA3 SV1LTs4vmXIaEMG27OEZA2Unk5NAvwi9GmjU8rn/6EQ/bK0OuHFOA2fQCF+bhmIH 3zSrZicMpTLSO2diTTRZGndUn7IeVitqKFsKvU/x/dxeZoRdIZ1gpL3IDIX/lYE= =wC/O -----END PGP SIGNATURE----- _______________________________________________ MeeGo-security mailing list MeeGo-security@meego.com http://lists.meego.com/listinfo/meego-security (Log in to post comments)
|
||||||||||||||||