CrOS: Vulnerability reported in media-libs/tiff
Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: media-libs/tiff
Package Version: [cpe:/a:libtiff:libtiff:4.0.6 cpe:/a:libtiff:libtiff:4.0.8 cpe:/a:libtiff_project:libtiff:4.0.6 cpe:/a:libtiff_project:libtiff:4.0.8]

Advisory: CVE-2017-13726
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-13726
CVSS severity score: 4.3/10.0
Confidence: high
Description: There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.

Advisory: CVE-2017-13727
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-13727
CVSS severity score: 4.3/10.0
Confidence: high
Description: There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
Aug 31 2017
Denial of service is Low. There's no libtiff release with the patches, so we might need to cherry-pick them.
Sep 5 2017
TIFF is used by the scanning subsystem so OS>Systems.
Sep 6 2017
PDFium also uses libtiff -- does it use the same version? Looks like it's also at 4.0.8. vapier, please take a look, and we can file a separate bug if appropriate.
Sep 6 2017
+npm who has been taking care of PDFium's libtiff, which is XFA only and not shipped to users currently. We may want to file a separate bug for PDFium's libtiff use and block bug 62400 with that.
Dec 19 2017
https://chromium-review.googlesource.com/#/c/chromiumos/overlays/portage-stable/+/834908 fixes CrOS.
Dec 20 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/portage-stable/+/3f47fdc2d990649d97dd8f01a44fe24fae61981b

commit 3f47fdc2d990649d97dd8f01a44fe24fae61981b
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Wed Dec 20 18:14:48 2017

    tiff: Add patches for CVE-2017-1372{6,7}.

    Add patches from upstream to fix CVE-2017-1372{6,7}. Modified the patches to remove the changes to the ChangeLog file since they were causing a conflict.

    Upstream patches:
    https://gitlab.com/libtiff/libtiff/commit/fe7f0e43ee9e17fdba241c65cb3ad34843312e06
    https://gitlab.com/libtiff/libtiff/commit/4958e19faedbda5da699a61009e6c774884d6f8a

    BUG= chromium:760914
    TEST=Build on caroline.

    Change-Id: Ifd32a767569e341687fe5bbcb8d27cd1a766ad44
    Reviewed-on: https://chromium-review.googlesource.com/834908
    Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
    Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
    Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>

[rename] https://crrev.com/3f47fdc2d990649d97dd8f01a44fe24fae61981b/media-libs/tiff/tiff-4.0.8-r2.ebuild
[modify] https://crrev.com/3f47fdc2d990649d97dd8f01a44fe24fae61981b/media-libs/tiff/tiff-4.0.8.ebuild
[add] https://crrev.com/3f47fdc2d990649d97dd8f01a44fe24fae61981b/media-libs/tiff/files/tiff-4.0.8-CVE-2017-13727.patch
[add] https://crrev.com/3f47fdc2d990649d97dd8f01a44fe24fae61981b/media-libs/tiff/files/tiff-4.0.8-CVE-2017-13726.patch
Dec 20 2017
Dec 21 2017
Mar 29 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by est...@chromium.org, Aug 31 2017
Status: Assigned (was: Untriaged)