From: "Ware, Ryan R" <ryan.r.ware@intel.com>
To: "meego-security@meego.com" <meego-security@meego.com>
Subject: [MeeGo-security] [MeeGo-SA-10:34.libtiff] Invalid ReferenceBlackWhite Values Allows DoS
Date: Thu, 20 Jan 2011 11:30:08 -0700
Message-ID: <680CFAB4-4454-44FD-A45B-2EEF2519F731@intel.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
MeeGo-SA-10:34.libtiff Security Advisory
MeeGo Project
Topic: Invalid ReferenceBlackWhite Values Allows DoS
Category: Graphics
Module: libtiff
Announced: October 9, 2010
Affects: MeeGo 1.0
Corrected: October 9, 2010
MeeGo BID: 6500
CVE: CVE-2010-2595
For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.
I. Background
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.
II. Problem Description
CVE-2010-2595: The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2,
as used in ImageMagick, does not properly handle invalid
ReferenceBlackWhite values, which allows remote attackers to cause a
denial of service (application crash) via a crafted TIFF image that
triggers an array index error, related to "downsampled OJPEG input."
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; victim must voluntarily interact
with attack mechanism
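The description above says the crash comes from scaling samples with unchecked ReferenceBlackWhite values and then using the result as an array index. The following stand-alone C program is an added illustration of the validation a decoder needs at that step; it is not libtiff's code and not the MeeGo fix. The function names, the packed 0xRRGGBB return value and the three sample ReferenceBlackWhite arrays are constructed for the example; the scaling and colour formulas are the ones given in the TIFF 6.0 specification, with the specification's defaults for 8-bit YCbCr.

```c
/* Added example (not libtiff code): validate the six ReferenceBlackWhite
 * values before using them to scale YCbCr samples. Names and sample
 * arrays are constructed for this illustration. */
#include <stdint.h>
#include <stdio.h>

#define SAMPLE_MAX 255.0f   /* 2^BitsPerSample - 1 for 8-bit samples */

/* TIFF 6.0 default ReferenceBlackWhite for YCbCr:
 * Y black/white = 0/255, Cb black/white = 128/255, Cr black/white = 128/255 */
const float REFBW_DEFAULT[6]    = { 0.0f, 255.0f, 128.0f, 255.0f, 128.0f, 255.0f };
/* Constructed bad input: Cb white == Cb black, so the scale divides by zero */
const float REFBW_ZERO_RANGE[6] = { 0.0f, 255.0f, 128.0f, 128.0f, 128.0f, 255.0f };
/* Constructed bad input: a reference far outside the sample range; if the
 * scaled value were used as a table index it would land far outside the table */
const float REFBW_HUGE[6]       = { 0.0f, 1.0e9f, 128.0f, 255.0f, 128.0f, 255.0f };

/* Return 1 if the six ReferenceBlackWhite values are usable, 0 otherwise. */
int refbw_valid(const float *ref, float sample_max)
{
    for (int i = 0; i < 6; i++) {
        if (ref[i] != ref[i])                      /* NaN compares unequal to itself */
            return 0;
        if (ref[i] < 0.0f || ref[i] > sample_max)  /* also rejects +/-infinity */
            return 0;
    }
    for (int c = 0; c < 3; c++) {
        if (ref[2 * c + 1] <= ref[2 * c])          /* white must exceed black */
            return 0;
    }
    return 1;
}

/* Clamp to 0..255 with rounding; the "!(v > 0)" form also maps NaN to 0. */
static uint8_t clamp_u8(float v)
{
    if (!(v > 0.0f)) return 0;
    if (v > SAMPLE_MAX) return 255;
    return (uint8_t)(v + 0.5f);
}

/* Convert one YCbCr triple to packed 0xRRGGBB. Returns -1 and converts
 * nothing when ReferenceBlackWhite is unusable, so no out-of-range value
 * is ever produced from it. */
long ycbcr_to_rgb_packed(const float *ref, int y, int cb, int cr)
{
    if (!refbw_valid(ref, SAMPLE_MAX))
        return -1;
    /* TIFF 6.0: FullRange = (code - RefBlack) * CodingRange / (RefWhite - RefBlack),
     * CodingRange is 2^bits - 1 for Y and 127 for Cb and Cr. */
    float Y  = (y  - ref[0]) * SAMPLE_MAX / (ref[1] - ref[0]);
    float Cb = (cb - ref[2]) * 127.0f     / (ref[3] - ref[2]);
    float Cr = (cr - ref[4]) * 127.0f     / (ref[5] - ref[4]);
    /* default YCbCrCoefficients (Rec. 601) */
    const float LumaRed = 0.299f, LumaGreen = 0.587f, LumaBlue = 0.114f;
    float R = Cr * (2.0f - 2.0f * LumaRed)  + Y;
    float B = Cb * (2.0f - 2.0f * LumaBlue) + Y;
    float G = (Y - LumaBlue * B - LumaRed * R) / LumaGreen;
    return ((long)clamp_u8(R) << 16) | ((long)clamp_u8(G) << 8) | clamp_u8(B);
}

/* Build a NaN at run time (constructed input) and confirm the validator rejects it. */
int refbw_rejects_nan(void)
{
    volatile float zero = 0.0f;
    float ref[6];
    for (int i = 0; i < 6; i++) ref[i] = REFBW_DEFAULT[i];
    ref[1] = zero / zero;
    return refbw_valid(ref, SAMPLE_MAX) == 0;
}

int main(void)
{
    printf("white pixel        -> %06lx\n", ycbcr_to_rgb_packed(REFBW_DEFAULT, 255, 128, 128));
    printf("black pixel        -> %06lx\n", ycbcr_to_rgb_packed(REFBW_DEFAULT,   0, 128, 128));
    printf("zero-range ref     -> %ld\n",   ycbcr_to_rgb_packed(REFBW_ZERO_RANGE, 128, 128, 128));
    printf("out-of-range ref   -> %ld\n",   ycbcr_to_rgb_packed(REFBW_HUGE, 128, 128, 128));
    printf("NaN ref rejected   -> %d\n",    refbw_rejects_nan());
    return 0;
}
```

The check runs once per image, when the tag is read, so it costs nothing per pixel; the clamp in clamp_u8 is kept as a second layer so that even a sample value outside 0..255 cannot produce an out-of-range result.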
III. Impact
CVE-2010-2497: Disruption of service due to input validation error (CWE-20)
IV. Workaround
None
V. Solution
Update to package libtiff-3.9.4-20.1 or later.
VI. References
http://bugs.meego.com/show_bug.cgi?id=6500
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/20.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (Darwin)
iQEcBAEBAgAGBQJNN6kxAAoJEEsJm1wYvCMbSmoIAMM9aet4YsE7YAeqjwh1Jy4l
/SEdi/clkHIgxF/qq+aZsf6PO4d2Kp17EQIWvtv7Vnq3tLvkBLzjjjSKv8VVFHVY
7nfYhVB0cw+4lmnhyuWJQRQk7rjBW9S+Fq5U3pOmUb5lL4WQ6o9Kl6F/Rom/jvyV
RZ6BBGGXmnEWPE+iiX1DYAtzxlpkaPY0GOE9uFDWkaJ+WHIvLQf8ucqhCjvPfy5z
BChu6luJN7g1Mo6JMH1e97OZ5LxHf4g/5uqjBJbDb+VrcFhN1iRlgSgK5Q6OrenJ
Up3nvKC66+Nmn6a8ul+HMdVzT5hK+Ggp7pRknvK0syW+rqCYgJQXioUEOgw+O0o=
=CGoB
-----END PGP SIGNATURE-----
_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security