Bug 787892 (CVE-2012-4564) - VUL-1: CVE-2012-4564: tiff: ppm2tiff missing return value check
Summary: VUL-1: CVE-2012-4564: tiff: ppm2tiff missing return value check
Status: RESOLVED FIXED
Alias: CVE-2012-4564
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp1:50697 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-02 14:49 UTC by Marcus Meissner
Modified: 2013-11-07 12:55 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
ppm2tiff.patch (1.13 KB, patch)
2012-11-02 14:50 UTC, Marcus Meissner 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2012-11-02 14:49:45 UTC 
is public, via oss-sec

https://bugzilla.redhat.com/show_bug.cgi?id=871700
CVE-2012-4564

From: Huzaifa Sidhpurwala <huzaifas@redhat.com>
Date: Fri, 02 Nov 2012 15:53:07 +0530
Subject: [oss-security] libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file

Hi All,

A flaw was found in the way ppm2tiff, a tool to create a TIFF file from
PPM, PGM and PBM image files, did not check the return value of
TIFFScanlineSize() function. When TIFFScanlineSize encountered an
integer-overflow and returned zero, this value was not checked. A
remote attacker could provide a specially-crafted PPM image format
file, that when processed by ppm2tiff would lead to ppm2tiff executable
crash or, potentially, arbitrary code execution with the privileges of
the user running the ppm2tiff binary.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=871700


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team
Comment 1 Marcus Meissner 2012-11-02 14:50:36 UTC 
Created attachment 511790 [details]
ppm2tiff.patch

patch from RH bugzilla
Comment 2 Swamp Workflow Management 2012-11-03 23:00:24 UTC 
bugbot adjusting priority
Comment 3 Petr Gajdos 2012-11-05 13:30:48 UTC 
Fixed for factory.
Comment 4 Bernhard Wiedemann 2012-11-05 14:00:12 UTC 
This is an autogenerated message for OBS integration:
This bug (787892) was mentioned in
https://build.opensuse.org/request/show/140217 Factory / tiff
Comment 5 Petr Gajdos 2013-01-08 14:04:18 UTC 
9sp3:  sr#23375
10sp3: sr#23376
11:    sr#23377

openSUSE: mr#147545
Comment 6 Bernhard Wiedemann 2013-01-10 14:00:30 UTC 
This is an autogenerated message for OBS integration:
This bug (787892) was mentioned in
https://build.opensuse.org/request/show/147919 Evergreen:11.2 / tiff
Comment 7 Swamp Workflow Management 2013-01-24 19:04:42 UTC 
Update released for: libtiff-devel, libtiff-devel-32bit, libtiff3, libtiff3-32bit, tiff, tiff-debuginfo, tiff-debugsource
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 8 Swamp Workflow Management 2013-01-24 20:34:26 UTC 
Update released for: libtiff, tiff
Products:
SUSE-CORE 9-SP3-TERADATA (x86_64)
Comment 9 Swamp Workflow Management 2013-01-24 21:17:42 UTC 
Update released for: libtiff, libtiff-32bit, libtiff-64bit, libtiff-devel, libtiff-devel-32bit, libtiff-devel-64bit, libtiff-x86, tiff, tiff-debuginfo
Products:
SLE-DESKTOP 10-SP4 (i386, x86_64)
SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64)
SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Comment 10 Swamp Workflow Management 2013-01-24 22:05:23 UTC 
Update released for: libtiff, libtiff-32bit, libtiff-devel, libtiff-devel-32bit, tiff, tiff-debuginfo
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 11 Swamp Workflow Management 2013-01-24 22:13:53 UTC 
Update released for: libtiff-devel, libtiff-devel-32bit, libtiff3, libtiff3-32bit, libtiff3-x86, tiff, tiff-debuginfo, tiff-debugsource
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 12 Marcus Meissner 2013-01-25 08:16:04 UTC 
released
Comment 13 Bernhard Wiedemann 2013-05-23 06:00:31 UTC 
This is an autogenerated message for OBS integration:
This bug (787892) was mentioned in
https://build.opensuse.org/request/show/176384 Evergreen:11.2 / tiff
Comment 14 Swamp Workflow Management 2013-11-07 12:55:33 UTC 
Update released for: libtiff, libtiff-32bit, libtiff-devel, libtiff-devel-32bit, tiff, tiff-debuginfo
Products:
SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)