- Committer: Bazaar Package Importer
- Author(s): Martin Pitt
- Date: 2006-08-02 13:27:14 UTC
- Revision ID: james.westby@ubuntu.com-20060802132714-n28k6r73oj9c9yck
Tags: 3.7.4-1ubuntu3.2
  * SECURITY UPDATE: Arbitrary code execution with crafted TIFF files, found
    by Tavis Ormandy of the Google Security Team.
  * Add debian/patches/CVE-2006-3459-3465.patch:
    - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
      tif_dirread.c
    - CVE-2006-3460: A heap overflow vulnerability was discovered in the
      jpeg decoder
    - CVE-2006-3461: A heap overflow exists in the PixarLog decoder
    - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
      overflow
    - CVE-2006-3463: An infinite loop was discovered in
      EstimateStripByteCounts()
    - CVE-2006-3464: Multiple unchecked arithmetic operations were
      uncovered, including a number of the range checking operations
      designed to ensure the offsets specified in tiff directories are
      legitimate.
    - A number of codepaths were uncovered where assertions did not hold
      true, resulting in the client application calling abort()
    - CVE-2006-3465: A flaw was also uncovered in libtiff's custom tag
      support