New issue
Advanced search Search tips

Issue 739136 link

Starred by 1 user
Status: Fixed
Owner:
vapier@chromium.org
Closed: Jan 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

CrOS: Vulnerability reported in media-libs/tiff

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Jul 4 2017 
Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: media-libs/tiff
Package Version: [cpe:/a:libtiff:libtiff:4.0.6 cpe:/a:libtiff:libtiff:4.0.8 cpe:/a:libtiff_project:libtiff:4.0.6 cpe:/a:libtiff_project:libtiff:4.0.8]

Advisory: CVE-2017-10688
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-10688
  CVSS severity score: 5/10.0
  Confidence: high
  Description:

In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.

Comment 1 Deleted

Comment 2 by raymes@chromium.org, Jul 11 2017

Components: Blink>Fonts
Labels: Security_Impact-Stable Security_Severity-Low

Comment 3 by kerrnel@chromium.org, Jan 30 2018

Labels: -Type-Bug-Security -Vomit -Restrict-View-SecurityTeam -Security_Severity-Low -Security_Impact-Stable -ComponentOSKernel Type-Bug
DoS bugs aren't considered security bugs and especially triggering an abort(), since those are there to check for invalid conditions.

Comment 4 by vapier@chromium.org, Jan 30 2018

Status: Fixed (was: Assigned)
R65 is already up on tiff-4.0.9.  R64 is using tiff-4.0.8.

that said, i think R64 also has the fix for this:
  https://chromium-review.googlesource.com/683677

Sign in to add a comment