Bug#684244: tiff code embedded in opencv and possibly may be out of date and vulnerable

Silvio Cesare silvio.cesare at gmail.com
Wed Aug 8 02:01:04 UTC 2012


Package: opencv
Severity: important
Tags: security

I have been working on a tool called Clonewise to automatically identify
embedded code copies in Debian packages and determine if they are out of
date and vulnerable. Ideally, embedding code and libraries should be
avoided and a system wide library should be used instead.

I recently ran the tool on Debian 6 stable. The results are here at
http://www.foocodechu.com/downloads/Clonewise-report.txt

The opencv package reported potential issues appended to this message.

The analysis tries to justify why it believes a library or code is embedded
in the package, and if the relationship is not already being tracked by
Debian in the embedded-code-copies database, it shows the files that are
shared between the two pieces of software.

Apologies if these are false positives. Your help in advising me on whether
these issues are real will help me improve the analysis for the future.

--
Silvio Cesare
Deakin University

### Summary:
###

tiff CLONED_IN_SOURCE opencv <unfixed> CVE-2010-2597
tiff CLONED_IN_SOURCE opencv <unfixed> CVE-2011-1167

### Reports by package:
###
# Package opencv may be vulnerable to the following issues:
#
	CVE-2010-2597
	CVE-2011-1167


# SUMMARY: The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0
and 3.9.2 makes incorrect calls to the TIFFGetField function, which
allows remote attackers to cause a denial of service (application
crash) via a crafted TIFF image, related to "downsampled OJPEG input"
and possibly related to a compiler optimization that triggers a
divide-by-zero error.
#

# CVE-2010-2597 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
#	tifstrip.c
#

# The following package clones are NOT tracked in the embedded-code-copies
# database.
#

tiff CLONED_IN_SOURCE opencv <unfixed> CVE-2010-2597
		MATCH dummy.c/dummy.c (4.760419)
		MATCH sgisv.c/sgesv.c (9.117128)
		MATCH tifapple.c/tifapple.c (7.245326)
		MATCH tifaux.c/tifaux.c (6.865836)
		MATCH tifclose.c/tifclose.c (6.865836)
		MATCH tifcodec.c/tifcodec.c (6.977062)
		MATCH tifcolor.c/tifcolor.c (7.102225)
		MATCH tifcompress.c/tifcompress.c (6.865836)
		MATCH tifdir.c/tifdir.c (6.865836)
		MATCH tifdirinfo.c/tifdirinfo.c (6.865836)
		MATCH tifdirread.c/tifdirread.c (6.865836)
		MATCH tifdirwrite.c/tifdirwrite.c (6.865836)
		MATCH tifdumpmode.c/tifdumpmode.c (6.865836)
		MATCH tiferror.c/tiferror.c (6.865836)
		MATCH tifextension.c/tifextension.c (7.102225)
		MATCH tiffax.c/tiffax.c (6.865836)
		MATCH tiffaxsm.c/tiffaxsm.c (7.245326)
		MATCH tiffile.c/tiftile.c (6.865836)
		MATCH tifflush.c/tifflush.c (6.865836)
		MATCH tiffstream.c/tifstream.c (7.864365)
		MATCH tifgetimage.c/tifgetimage.c (6.865836)
		MATCH tifjpeg.c/tifjpeg.c (6.865836)
		MATCH tifluv.c/tifluv.c (6.977062)
		MATCH tiflzw.c/tiflzw.c (6.865836)
		MATCH tifnext.c/tifnext.c (6.865836)
		MATCH tifopen.c/tifopen.c (6.865836)
		MATCH tifpackbits.c/tifpackbits.c (6.865836)
		MATCH tifpixarlog.c/tifpixarlog.c (6.977062)
		MATCH tifpredict.c/tifpredict.c (6.977062)
		MATCH tifprint.c/tifprint.c (6.865836)
		MATCH tifread.c/tifread.c (6.865836)
		MATCH tifstrip.c/tifstrip.c (6.865836)
		MATCH tifswab.c/tifswab.c (6.814543)
		MATCH tifthunder.c/tifthunder.c (6.865836)
		MATCH tifunix.c/tifunix.c (7.102225)
		MATCH tifversion.c/tifversion.c (6.865836)
		MATCH tifwarning.c/tifwarning.c (6.865836)
		MATCH tifwin.c/tifwin.c (7.102225)
		MATCH tifwrite.c/tifwrite.c (6.865836)
		MATCH tifzip.c/tifzip.c (6.977062)
# SUMMARY: Heap-based buffer overflow in the thunder (aka ThunderScan)
decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote
attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS
data in a .tiff file that has an unexpected BitsPerSample value.
#

# CVE-2011-1167 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
#	tifthunder.c
#

# The following package clones are NOT tracked in the embedded-code-copies
# database.
#

tiff CLONED_IN_SOURCE opencv <unfixed> CVE-2011-1167
		MATCH dummy.c/dummy.c (4.760419)
		MATCH sgisv.c/sgesv.c (9.117128)
		MATCH tifapple.c/tifapple.c (7.245326)
		MATCH tifaux.c/tifaux.c (6.865836)
		MATCH tifclose.c/tifclose.c (6.865836)
		MATCH tifcodec.c/tifcodec.c (6.977062)
		MATCH tifcolor.c/tifcolor.c (7.102225)
		MATCH tifcompress.c/tifcompress.c (6.865836)
		MATCH tifdir.c/tifdir.c (6.865836)
		MATCH tifdirinfo.c/tifdirinfo.c (6.865836)
		MATCH tifdirread.c/tifdirread.c (6.865836)
		MATCH tifdirwrite.c/tifdirwrite.c (6.865836)
		MATCH tifdumpmode.c/tifdumpmode.c (6.865836)
		MATCH tiferror.c/tiferror.c (6.865836)
		MATCH tifextension.c/tifextension.c (7.102225)
		MATCH tiffax.c/tiffax.c (6.865836)
		MATCH tiffaxsm.c/tiffaxsm.c (7.245326)
		MATCH tiffile.c/tiftile.c (6.865836)
		MATCH tifflush.c/tifflush.c (6.865836)
		MATCH tiffstream.c/tifstream.c (7.864365)
		MATCH tifgetimage.c/tifgetimage.c (6.865836)
		MATCH tifjpeg.c/tifjpeg.c (6.865836)
		MATCH tifluv.c/tifluv.c (6.977062)
		MATCH tiflzw.c/tiflzw.c (6.865836)
		MATCH tifnext.c/tifnext.c (6.865836)
		MATCH tifopen.c/tifopen.c (6.865836)
		MATCH tifpackbits.c/tifpackbits.c (6.865836)
		MATCH tifpixarlog.c/tifpixarlog.c (6.977062)
		MATCH tifpredict.c/tifpredict.c (6.977062)
		MATCH tifprint.c/tifprint.c (6.865836)
		MATCH tifread.c/tifread.c (6.865836)
		MATCH tifstrip.c/tifstrip.c (6.865836)
		MATCH tifswab.c/tifswab.c (6.814543)
		MATCH tifthunder.c/tifthunder.c (6.865836)
		MATCH tifunix.c/tifunix.c (7.102225)
		MATCH tifversion.c/tifversion.c (6.865836)
		MATCH tifwarning.c/tifwarning.c (6.865836)
		MATCH tifwin.c/tifwin.c (7.102225)
		MATCH tifwrite.c/tifwrite.c (6.865836)
		MATCH tifzip.c/tifzip.c (6.977062)

More information about the debian-science-maintainers mailing list