Bug 10689

Summary: Multiple vulnerabilities in libtiff (CVE-2013-1960, CVE-2013-1961)
Product: Mageia Reporter: Oden Eriksson <oe>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: luigiwalser
Version: 2   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: libtiff CVE:
Status comment:

Description Oden Eriksson 2013-07-04 10:21:19 CEST 
======================================================
Name: CVE-2013-1960
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130502 Fwd: Two libtiff (tiff2pdf flaws)
Reference: URL:http://seclists.org/oss-sec/2013/q2/254
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=952158
Reference: DEBIAN:DSA-2698
Reference: URL:http://www.debian.org/security/2013/dsa-2698
Reference: SUSE:openSUSE-SU-2013:0922
Reference: URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html
Reference: SUSE:openSUSE-SU-2013:0944
Reference: URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html
Reference: SECUNIA:53237
Reference: URL:http://secunia.com/advisories/53237
Reference: SECUNIA:53765
Reference: URL:http://secunia.com/advisories/53765

Heap-based buffer overflow in the tp_process_jpeg_strip function in
tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause
a denial of service (crash) and possibly execute arbitrary code via a
crafted TIFF image file.



======================================================
Name: CVE-2013-1961
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[oss-security] 20130502 Fwd: Two libtiff (tiff2pdf flaws)
Reference: URL:http://seclists.org/oss-sec/2013/q2/254
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=952131
Reference: DEBIAN:DSA-2698
Reference: URL:http://www.debian.org/security/2013/dsa-2698
Reference: SUSE:openSUSE-SU-2013:0922
Reference: URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html
Reference: SUSE:openSUSE-SU-2013:0944
Reference: URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html
Reference: SECUNIA:53237
Reference: URL:http://secunia.com/advisories/53237
Reference: SECUNIA:53765
Reference: URL:http://secunia.com/advisories/53765

Stack-based buffer overflow in the t2p_write_pdf_page function in
tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a
denial of service (application crash) via a crafted image length and
resolution in a TIFF image file.


Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-07-04 17:33:58 CEST 
Fixed two months ago.

*** This bug has been marked as a duplicate of bug 9970 ***

Status: NEW => RESOLVED
CC: (none) => luigiwalser
Resolution: (none) => DUPLICATE

Comment 2 Oden Eriksson 2013-07-04 20:09:05 CEST 
whoops :-)