
MeeGo alert MeeGo-SA-10:27 (libtiff)

From:  "Ware, Ryan R" <ryan.r.ware@intel.com>
To:  "meego-security@meego.com" <meego-security@meego.com>
Subject:  [MeeGo-security] [MeeGo-SA-10:27.libtiff] Multiple Vulnerabilities in Libtiff
Date:  Tue, 18 Jan 2011 20:54:01 -0700
Message-ID:  <8BAFCA8A-B7CB-4B3D-9D84-D17D9DC30F2C@intel.com>

=============================================================================
MeeGo-SA-10:27.libtiff                                      Security Advisory
                                                                MeeGo Project

Topic:          Multiple Vulnerabilities in Libtiff

Category:       Graphics
Module:         libtiff
Announced:      September 3, 2010
Affects:        MeeGo 1.0
Corrected:      September 3, 2010
MeeGo BID:      5559, 5564, 5566, 5590, 5596 & 5598
CVE:            CVE-2010-2597, CVE-2010-2596, CVE-2010-2630,
                CVE-2010-2631, CVE-2010-2482 & CVE-2010-2481

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.

I.   Background

The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files. TIFF is a widely used file
format for bitmapped images. TIFF files usually end in the .tif extension
and they are often quite large.

II.  Problem Description

CVE-2010-2597: The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0
and 3.9.2 makes incorrect calls to the TIFFGetField function, which allows
remote attackers to cause a denial of service (application crash) via a
crafted TIFF image, related to "downsampled OJPEG input" and possibly
related to a compiler optimization that triggers a divide-by-zero error.

CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with
attack mechanism

CVE-2010-2596: The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0
and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of
service (assertion failure and application exit) via a crafted TIFF image,
related to "downsampled OJPEG input."

CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with
attack mechanism

CVE-2010-2630: The TIFFReadDirectory function in LibTIFF 3.9.0 does not
properly validate the data types of codec-specific tags that have an
out-of-order position in a TIFF file, which allows remote attackers to
cause a denial of service (application crash) via a crafted file, a
different vulnerability than CVE-2010-2481.

CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with
attack mechanism

CVE-2010-2631: LibTIFF 3.9.0 ignores tags in certain situations during the
first stage of TIFF file processing and does not properly handle this
during the second stage, which allows remote attackers to cause a denial of
service (application crash) via a crafted file, a different vulnerability
than CVE-2010-2481.

CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with
attack mechanism

CVE-2010-2482: LibTIFF 3.9.4 and earlier does not properly handle an
invalid td_stripbytecount field, which allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via a
crafted TIFF file, a different vulnerability than CVE-2010-2443.

CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with
attack mechanism

CVE-2010-2481: The TIFFExtractData macro in LibTIFF before 3.9.4 does not
properly handle unknown tag types in TIFF directory entries, which allows
remote attackers to cause a denial of service (out-of-bounds read and
application crash) via a crafted TIFF file.

CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact with
attack mechanism

III. Impact

CVE-2010-2597: Disruption of service and other unknown issues due to
incorrect input validation (CWE-20)

CVE-2010-2596: Disruption of service and other unknown issues due to
incorrect input validation (CWE-20)

CVE-2010-2630: Disruption of service and other unknown issues due to
incorrect input validation (CWE-20)

CVE-2010-2631: Disruption of service and other unknown issues due to
incorrect input validation (CWE-20)

CVE-2010-2482: Disruption of service and other unknown issues

CVE-2010-2481: Disruption of service and other unknown issues due to
buffer errors (CWE-119)

IV.  Workaround

None

V.   Solution

Update to package libtiff-3.9.4-19.1 or later.

VI.  References

http://bugs.meego.com/show_bug.cgi?id=5559
http://bugs.meego.com/show_bug.cgi?id=5564
http://bugs.meego.com/show_bug.cgi?id=5566
http://bugs.meego.com/show_bug.cgi?id=5590
http://bugs.meego.com/show_bug.cgi?id=5596
http://bugs.meego.com/show_bug.cgi?id=5598
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/20.html
http://cwe.mitre.org/data/definitions/119.html

_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security
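Three of the directory-level conditions named above (unknown field types, out-of-order tags, an invalid StripByteCounts entry) can be screened for before a file reaches an unpatched decoder. The following is an added example, not code from the advisory or from libtiff; tiff_ifd_check, the flag names and both sample buffers are constructed for illustration, and the accepted field types are assumed to be the twelve defined by TIFF 6.0.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Findings returned as a bitmask; BAD_HEADER also covers a truncated IFD. */
enum { BAD_HEADER = 1, BAD_TYPE = 2, BAD_ORDER = 4, BAD_STRIPCOUNT = 8 };

/* Read an n-byte unsigned integer in the file's byte order. */
static uint32_t rd(const uint8_t *p, int n, int be) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (be ? n - 1 - i : i));
    return v;
}

/* Walk the first IFD of a classic TIFF held in buf[0..len), trusting no field. */
int tiff_ifd_check(const uint8_t *buf, size_t len) {
    if (len < 8 || buf[0] != buf[1] || (buf[0] != 'I' && buf[0] != 'M'))
        return BAD_HEADER;
    int be = (buf[0] == 'M'), flags = 0;
    uint32_t off = rd(buf + 4, 4, be), prev = 0;
    if (rd(buf + 2, 2, be) != 42 || off > len - 2) return BAD_HEADER;
    uint32_t n = rd(buf + off, 2, be);
    if ((len - off - 2) / 12 < n) return BAD_HEADER;  /* entries must fit in buf */
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = buf + off + 2 + 12 * (size_t)i;
        uint32_t tag = rd(e, 2, be), type = rd(e + 2, 2, be), cnt = rd(e + 4, 4, be);
        if (type < 1 || type > 12) flags |= BAD_TYPE;   /* not a TIFF 6.0 type */
        if (tag <= prev) flags |= BAD_ORDER;            /* tags must ascend */
        if (tag == 279 && (cnt == 0 || (type != 3 && type != 4)))
            flags |= BAD_STRIPCOUNT;   /* StripByteCounts: SHORT/LONG, count >= 1 */
        prev = tag;
    }
    return flags;
}

/* Constructed samples (not real files): a clean two-entry IFD and a damaged one. */
const uint8_t GOOD_TIFF[] = { 'I','I',42,0, 8,0,0,0, 2,0,
    0x00,0x01, 3,0, 1,0,0,0, 1,0,0,0,      /* ImageWidth, SHORT, count 1 */
    0x17,0x01, 4,0, 1,0,0,0, 16,0,0,0,     /* StripByteCounts, LONG, count 1 */
    0,0,0,0 };
const uint8_t BAD_TIFF[] = { 'I','I',42,0, 8,0,0,0, 2,0,
    0x17,0x01, 99,0, 0,0,0,0, 0,0,0,0,     /* StripByteCounts, type 99, count 0 */
    0x00,0x01, 3,0, 1,0,0,0, 1,0,0,0,      /* ImageWidth placed after tag 279 */
    0,0,0,0 };

int main(void) {
    printf("good=%d bad=%d\n", tiff_ifd_check(GOOD_TIFF, sizeof GOOD_TIFF),
           tiff_ifd_check(BAD_TIFF, sizeof BAD_TIFF));
    return 0;
}
```

A non-zero result only marks a file for rejection or closer inspection at an ingestion point; it covers the first IFD only and does not replace the package update listed under Solution.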




Copyright © 2017, Eklektix, Inc.