Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in media-libs/tiff |
||||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: media-libs/tiff Package Version: [cpe:/a:libtiff:libtiff:4.0.6 cpe:/a:libtiff:libtiff:4.0.8 cpe:/a:libtiff_project:libtiff:4.0.6 cpe:/a:libtiff_project:libtiff:4.0.8] Advisory: CVE-2017-12944 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-12944 CVSS severity score: 5/10.0 Confidence: high Description: The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.
,
Aug 29 2017
,
Aug 29 2017
,
Sep 27 2017
friendly ping!
,
Oct 18 2017
,
Dec 7 2017
,
Dec 11 2017
This is a DoS so SecSev-Low. We can attempt M65.
,
Jan 10 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/32d28d0449151f6c3140b72d34e7423e0ce34d16 commit 32d28d0449151f6c3140b72d34e7423e0ce34d16 Author: Mike Frysinger <vapier@chromium.org> Date: Wed Jan 10 10:49:03 2018 tiff: update to 4.0.9 BUG=chromium:751063, chromium:759289 , chromium:799706 TEST=precq passes Change-Id: I2871b8fe556f5c3201ce3b3a9fd773978b76fc92 Reviewed-on: https://chromium-review.googlesource.com/857427 Commit-Ready: Mike Frysinger <vapier@chromium.org> Tested-by: Mike Frysinger <vapier@chromium.org> Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> [modify] https://crrev.com/32d28d0449151f6c3140b72d34e7423e0ce34d16/media-libs/tiff/Manifest [delete] https://crrev.com/d314c95aef375cd7d1e31471be909771011d341a/media-libs/tiff/files/tiff-4.0.8-CVE-2017-13726.patch [delete] https://crrev.com/d314c95aef375cd7d1e31471be909771011d341a/media-libs/tiff/files/tiff-4.0.7-pdfium-0017-safe_skews_in_gtTileContig.patch [delete] https://crrev.com/d314c95aef375cd7d1e31471be909771011d341a/media-libs/tiff/files/tiff-4.0.8-CVE-2017-9936.patch [delete] https://crrev.com/d314c95aef375cd7d1e31471be909771011d341a/media-libs/tiff/files/tiff-4.0.7-pdfium-0005-Leak-TIFFFetchStripThing.patch [delete] https://crrev.com/d314c95aef375cd7d1e31471be909771011d341a/media-libs/tiff/tiff-4.0.8-r2.ebuild [delete] https://crrev.com/d314c95aef375cd7d1e31471be909771011d341a/media-libs/tiff/files/tiff-4.0.8-CVE-2017-13727.patch [rename] https://crrev.com/32d28d0449151f6c3140b72d34e7423e0ce34d16/media-libs/tiff/tiff-4.0.9.ebuild
,
Jan 10 2018
we stopped shipping tiff2pdf, so if that's the only attack route, not going to bother cherry picking back
,
Jan 11 2018
,
Apr 19 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by ta...@google.com
, Aug 28 2017Labels: Security_Severity-Medium Security_Impact-Stable
Owner: vapier@chromium.org
Status: Assigned (was: Untriaged)