Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in media-libs/tiff |
||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: media-libs/tiff Package Version: [cpe:/a:libtiff:libtiff:4.0.6 cpe:/a:libtiff:libtiff:4.0.7 cpe:/a:libtiff_project:libtiff:4.0.6 cpe:/a:libtiff_project:libtiff:4.0.7] Advisory: CVE-2016-10371 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-10371 CVSS severity score: 4.3/10.0 Confidence: high Description: The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
,
May 18 2017
Yes, and if this is indeed a matter of triggering an assertion than this shouldn't be a security bug. A major point of assertions is to avoid corrupted state and exit.
,
May 18 2017
Yes, and if this is indeed a matter of triggering an assertion than this shouldn't be a security bug.
,
May 18 2017
vapier@, can you look at this?
,
May 22 2017
this was handled as part of the large set of patches pulled in for issue 706349 CVE-2016-10371 refers to upstream bug 2535 and we pulled in the fix for that in "tiff-4.0.7- bug2535 .patch" confirmed this is in M-58+ already
,
May 23 2017
,
Aug 29 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 22 2018
,
Jun 21 2018
|
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by wfh@chromium.org
, May 18 2017Status: Assigned (was: Untriaged)