Bug#684233: tiff code embedded in gdal and possibly may be out of date and vulnerable
Silvio Cesare
silvio.cesare at gmail.com
Wed Aug 8 00:11:24 UTC 2012
Package: gdal
Severity: important
Tags: security
I have been working on a tool called Clonewise to automatically identify
embedded code copies in Debian packages and determine if they are out of
date and vulnerable. Ideally, embedding code and libraries should be
avoided and a system wide library should be used instead.
I recently ran the tool on Debian 6 stable. The results are here at
http://www.foocodechu.com/downloads/Clonewise-report.txt*
*The gdal package reported potential issues appended to this message.
Apologies if these are false positives. Your help in advising me on whether
these issues are real will help me improve the analysis for the future.
--
Silvio Cesare
Deakin University
### Summary:
###
tiff CLONED_IN_SOURCE gdal <unfixed> CVE-2010-2443
tiff CLONED_IN_SOURCE gdal <unfixed> CVE-2010-2596
tiff CLONED_IN_SOURCE gdal <unfixed> CVE-2010-2597
tiff CLONED_IN_SOURCE gdal <unfixed> CVE-2011-1167
### Reports by package:
###
# Package gdal may be vulnerable to the following issues:
#
CVE-2010-2443
CVE-2010-2596
CVE-2010-2597
CVE-2011-1167
# SUMMARY: The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF
before 3.9.3 allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via an OJPEG image
with undefined strip offsets, related to the TIFFVGetField function.
#
# CVE-2010-2443 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
# tifojpeg.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
tiff CLONED_IN_SOURCE gdal <unfixed> CVE-2010-2443
# SUMMARY: The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF
3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause
a denial of service (assertion failure and application exit) via a
crafted TIFF image, related to "downsampled OJPEG input."
#
# CVE-2010-2596 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
# tifojpeg.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
tiff CLONED_IN_SOURCE gdal <unfixed> CVE-2010-2596
# SUMMARY: The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0
and 3.9.2 makes incorrect calls to the TIFFGetField function, which
allows remote attackers to cause a denial of service (application
crash) via a crafted TIFF image, related to "downsampled OJPEG input"
and possibly related to a compiler optimization that triggers a
divide-by-zero error.
#
# CVE-2010-2597 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
# tifstrip.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
tiff CLONED_IN_SOURCE gdal <unfixed> CVE-2010-2597
# SUMMARY: Heap-based buffer overflow in the thunder (aka ThunderScan)
decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote
attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS
data in a .tiff file that has an unexpected BitsPerSample value.
#
# CVE-2011-1167 relates to a vulnerability in package tiff.
# The following source filenames are likely responsible:
# tifthunder.c
#
# The following package clones are tracked in the embedded-code-copies
# database. They have not been fixed.
#
tiff CLONED_IN_SOURCE gdal <unfixed> CVE-2011-1167
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-grass-devel/attachments/20120808/8c28f4ef/attachment.html>
More information about the Pkg-grass-devel
mailing list