CrOS: Vulnerability reported in media-libs/tiff
Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: media-libs/tiff
Package Version: [cpe:/a:libtiff:libtiff:4.0.6 cpe:/a:libtiff:libtiff:4.0.7 cpe:/a:libtiff_project:libtiff:4.0.6 cpe:/a:libtiff_project:libtiff:4.0.7]

Advisory: CVE-2017-7592
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7592
CVSS severity score: 6.8/10.0
Confidence: high
Description: The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

Advisory: CVE-2017-7593
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7593
CVSS severity score: 4.3/10.0
Confidence: high
Description: tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.

Advisory: CVE-2017-7594
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7594
CVSS severity score: 4.3/10.0
Confidence: high
Description: The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.

Advisory: CVE-2017-7595
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7595
CVSS severity score: 4.3/10.0
Confidence: high
Description: The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

Advisory: CVE-2017-7596
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7596
CVSS severity score: 6.8/10.0
Confidence: high
Description: LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

Advisory: CVE-2017-7597
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7597
CVSS severity score: 6.8/10.0
Confidence: high
Description: tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

Advisory: CVE-2017-7598
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7598
CVSS severity score: 4.3/10.0
Confidence: high
Description: tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

Advisory: CVE-2017-7599
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7599
CVSS severity score: 6.8/10.0
Confidence: high
Description: LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

Advisory: CVE-2017-7600
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7600
CVSS severity score: 6.8/10.0
Confidence: high
Description: LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

Advisory: CVE-2017-7601
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7601
CVSS severity score: 6.8/10.0
Confidence: high
Description: LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.

Advisory: CVE-2017-7602
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7602
CVSS severity score: 6.8/10.0
Confidence: high
Description: LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
Apr 14 2017
Apr 15 2017
Apr 18 2017
I'm marking this severity-medium due to CVE-2017-7594.
Apr 18 2017
Apr 18 2017
Apr 18 2017
npm@ has handled a lot of the libtiff security issues. npm@ can you take a look please?
Apr 18 2017
Have these patches been applied to Chrome OS tiff? The security impact for PDFium is None because we only use libtiff on XFA, which is disabled.
Apr 18 2017
i've applied the patches to Gentoo, and then pulled those updates back into CrOS: https://chromium-review.googlesource.com/475630
Apr 18 2017
oh, another tiff bug. whoo! i cherry picked back a crap ton of upstream patches for issue 706349 : https://chromium-review.googlesource.com/473848 basically getting us in sync with upstream tiff up to 25 Feb 2017 (they haven't made any commits since then). as for which commits correlate to which CVEs, i honestly have no idea ... there were about 36 commits i pulled back, and upstream rarely put info in there saying what CVEs they were addressing. and the CVE reports rarely refer to commits, but to bugs, or just some high level description.
Apr 18 2017
Apr 18 2017
So... are there any outstanding patches? c#10 seems to suggest "no".
Apr 18 2017
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/152bfe0f60763263e8bf7292762885eb2aec9b85

commit 152bfe0f60763263e8bf7292762885eb2aec9b85
Author: Nicolas Pena <npm@chromium.org>
Date: Tue Apr 18 20:24:11 2017

Libtiff upstream: _TIFFcalloc addition

Upstream commit:
https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1

Bug: chromium:711638
Change-Id: I46de1a00f9bb8d5de8df64ec78a9d62dcb4352ed
Reviewed-on: https://pdfium-review.googlesource.com/4310
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>

[modify] https://crrev.com/152bfe0f60763263e8bf7292762885eb2aec9b85/core/fxcrt/fx_memory.h
[modify] https://crrev.com/152bfe0f60763263e8bf7292762885eb2aec9b85/core/fxcodec/codec/ccodec_tiffmodule.cpp
[modify] https://crrev.com/152bfe0f60763263e8bf7292762885eb2aec9b85/third_party/libtiff/tiffio.h
[modify] https://crrev.com/152bfe0f60763263e8bf7292762885eb2aec9b85/core/fxcrt/fx_basic_memmgr.cpp
[add] https://crrev.com/152bfe0f60763263e8bf7292762885eb2aec9b85/third_party/libtiff/0022-upstream-patch-0012.patch
[modify] https://crrev.com/152bfe0f60763263e8bf7292762885eb2aec9b85/third_party/libtiff/README.pdfium
[modify] https://crrev.com/152bfe0f60763263e8bf7292762885eb2aec9b85/third_party/libtiff/tif_read.c
Apr 18 2017
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/ac07d340069e2f6e50d1e9aeae7140ce4d20a7de

commit ac07d340069e2f6e50d1e9aeae7140ce4d20a7de
Author: Nicolas Pena <npm@chromium.org>
Date: Tue Apr 18 22:04:19 2017

Libtiff upstream security fixes

Upstream patches applied:
https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4

Bug: chromium:711638
Change-Id: I017bfa91f7682c190bd7f8dbe36c2c3d1ac68728
Reviewed-on: https://pdfium-review.googlesource.com/4313
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>

[modify] https://crrev.com/ac07d340069e2f6e50d1e9aeae7140ce4d20a7de/third_party/libtiff/tif_jpeg.c
[modify] https://crrev.com/ac07d340069e2f6e50d1e9aeae7140ce4d20a7de/third_party/libtiff/tif_dir.c
[add] https://crrev.com/ac07d340069e2f6e50d1e9aeae7140ce4d20a7de/third_party/libtiff/0023-upstream-security-fixes.patch
[modify] https://crrev.com/ac07d340069e2f6e50d1e9aeae7140ce4d20a7de/third_party/libtiff/tif_dirread.c
[modify] https://crrev.com/ac07d340069e2f6e50d1e9aeae7140ce4d20a7de/third_party/libtiff/tif_dirwrite.c
[modify] https://crrev.com/ac07d340069e2f6e50d1e9aeae7140ce4d20a7de/third_party/libtiff/README.pdfium
[modify] https://crrev.com/ac07d340069e2f6e50d1e9aeae7140ce4d20a7de/third_party/libtiff/tif_read.c
Apr 19 2017
Fixed on PDFium's libtiff
Apr 20 2017
Jul 27 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 22 2018
Comment 1 by nparker@chromium.org, Apr 14 2017
Components: Internals>Plugins>PDF
Owner: tsepez@chromium.org