TIFF image
===========================================================
Ubuntu Security Notice USN-1085-2 March 15, 2011
tiff regression
https://launchpad.net/bugs/731540
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
===========================================================
Ubuntu Security Notice USN-1085-1 March 07, 2011
tiff vulnerabilities
CVE-2010-2482, CVE-2010-2483, CVE-2010-2595, CVE-2010-2597,
CVE-2010-2598, CVE-2010-2630, CVE-2010-3087, CVE-2011-0191,
CVE-2011-0192
===========================================================
A security issue affects the following Ubuntu releases:
Mandriva Linux Security Advisory MDVSA-2010:146
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : August 6, 2010
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
======================================================================
Secunia Research 14/12/2010
- Microsoft Office TIFF Image Converter Two Buffer Overflows -
======================================================================
Table of Contents
Affected Software....................................................1
Mandriva Linux Security Advisory MDVSA-2010:145
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : August 6, 2010
Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Debian Security Advisory DSA-2210-2 security@debian.org
http://www.debian.org/security/ Luciano Bello
June 25, 2011 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : tiff
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2011-0191 CVE-2011-0192 CVE-2011-1167
Debian Bug : 619614 630042
=======
Summary
=======
Name: Apple OSX / iPhone iOS ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow
Reference: NGS00062
Discoverer: Dominic Chell <dominic.chell@ngssecure.com>
Vendor: Apple
Vendor Reference: 145575681
Systems Affected: Apple OSX / iPhone iOS / Possibly others using LibTiff
Risk: High
===========================================================
Ubuntu Security Notice USN-954-1 June 21, 2010
tiff vulnerabilities
CVE-2010-1411, CVE-2010-2065, CVE-2010-2067
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
==========================================================================
Ubuntu Security Notice USN-1120-1
April 21, 2011
tiff vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
Debian Security Advisory DSA-2210-1 security@debian.org
http://www.debian.org/security/ Thijs Kinkhorst
April 03, 2011 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : tiff
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2011-0191 CVE-2011-0192 CVE-2011-1167
Debian Bug : 619614
======================================================================
Secunia Research 14/12/2010
- Microsoft Office TIFF Image Converter -
- Endian Conversion Vulnerability -
======================================================================
Table of Contents
Sep 17, 2007
I. BACKGROUND
OpenOffice is an open-source desktop office suite for many of today's
popular operating systems. Tagged Image File Format (TIFF) is a widely
supported image file format. More information about these technologies
is available from the following URLs.
http://www.openoffice.org/
methods, via a class based API. For more information on GDI+, please
visit the following URL.
http://msdn2.microsoft.com/en-us/library/ms533798.aspx
Tagged Image File Format (TIFF) is a container format for storing
images. For more information about TIFF, please visit the following URL.
http://partners.adobe.com/public/developer/tiff/index.html
II. DESCRIPTION
Background
==========
libTIFF provides support for reading and manipulating TIFF (Tagged
Image File Format) images.
Affected packages
=================
-------------------------------------------------------------------
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-2327
Drew Yao discovered that libTIFF, a library for handling the Tagged Image
File Format, is vulnerable to a programming error allowing malformed
tiff files to lead to a crash or execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in
version 3.8.2-7+etch1.
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via a crafted TIFF image,
which is not properly handled by the (1) _cupsImageReadTIFF function
in the imagetops filter and (2) imagetoraster filter, leading to a
heap-based buffer overflow. (CVE-2009-0163)
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2007-2834
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code.
Debian Security Advisory DSA-1835-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 15, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : tiff
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-2285 CVE-2009-2347
Debian Bug : 534137
===========================================================
Ubuntu Security Notice USN-1102-1 April 04, 2011
tiff vulnerability
CVE-2011-1167
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
remote attackers to cause a denial of service (crash) via a
crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap
(CVE-2009-0146, CVE-2009-0147).
Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and
earlier allows remote attackers to cause a denial of service (daemon
crash) and possibly execute arbitrary code via a crafted TIFF image,
which is not properly handled by the (1) _cupsImageReadTIFF function
in the imagetops filter and (2) imagetoraster filter, leading to a
heap-based buffer overflow (CVE-2009-0163).
to indicate the input stream to be corrupted), which once processed
by ImageMagick, would cause it to consume excessive amounts of memory
and CPU time (CVE-2012-0260).
An out-of-bounds buffer read flaw was found in the way ImageMagick
processed certain TIFF image files. A remote attacker could provide
a TIFF image with a specially-crafted Exif IFD value (the set of tags
for recording Exif-specific attribute information), which once opened
by ImageMagick, would cause it to crash (CVE-2012-1798).
The updated packages have been patched to correct these issues.
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that CUPS did not properly check the height of TIFF images.
If a user or automated system were tricked into opening a crafted TIFF image
file, a remote attacker could cause a denial of service or possibly execute
arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10,
attackers would be isolated by the AppArmor CUPS profile.
Apple Mac OS X ImageIO TIFF Heap Overflow - CVE-2011-0204
28/06/2011
Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.
Versions affected include:
Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7
VUPEN Security Research - Adobe Acrobat and Reader TIFF BitsPerSample Heap
Overflow Vulnerability
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
Mandriva Linux Security Advisory MDVSA-2012:054
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libtiff
Date : April 5, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
-- Disclosure Timeline:
3-17-2011
-- Affected Vendor:
Imagemagick 6.6.8-5
Libtiff 6.9.4
-- Problem Description:
A buffer overflow is triggered when Imagemagick displays a malformed TIFF image. The error information follows:
display: malformed.tif: Wrong "StripByteCounts" field, ignoring and calculating from imagelength. `TIFFReadDirectory' @ warning/tiff.c/TIFFWarnings/706.