Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in media-libs/tiff |
||||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: media-libs/tiff Package Version: [cpe:/a:libtiff:libtiff:4.0.6 cpe:/a:libtiff:libtiff:4.0.8 cpe:/a:libtiff_project:libtiff:4.0.6 cpe:/a:libtiff_project:libtiff:4.0.8] Advisory: CVE-2018-5360 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2018-5360 CVSS severity score: 6.8/10.0 Confidence: high Description: LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
,
Feb 5 2018
We've seen false reports for tiff before, e.g. issue 781594 . Might be some meta data tagging error somewhere? https://vomit.googleplex.com/advisory?id=CVE/CVE-2018-5360 mentions a suspiciously version-lacking "cpe:/a:libtiff:libtiff:-" as a reference, maybe that is causing this?
,
Feb 8 2018
,
Mar 12 2018
,
May 15 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by vapier@chromium.org
, Feb 5 2018Status: Fixed (was: Untriaged)