mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-17 03:25:46 +00:00
Code Issues Releases Activity

Cancel VID 14e8f315-600e-11d9-a9e7-0001020eed82 "tiff -- stripoffsets

Browse Source 
integer overflow vulnerability", as it was a subset of VID
3897a2f8-1d57-11d9-bc4a-000c41e2cdad "tiff -- multiple integer
overflows".  This is another case of iDEFENSE ``discovering'' a
vulnerability months after it had already been made public and
corrected.  I've preserved the iDEFENSE advisory reference by moving it
to the older entry, so that someone won't get misled by it again later.
This commit is contained in:
Jacques Vidrine 2005-01-13 19:39:14 +00:00
parent 7f51d237f0
commit 1ce7083c86
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=126335
1 changed files with 3 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
security/vuxml/vuln.xml
View File

@ -527,36 +527,7 @@ http_access deny Gopher</pre>
</vuln> </vuln>
<vuln vid="14e8f315-600e-11d9-a9e7-0001020eed82"> <vuln vid="14e8f315-600e-11d9-a9e7-0001020eed82">
<topic>tiff -- stripoffsets integer overflow vulnerability</topic> <cancelled superseded="3897a2f8-1d57-11d9-bc4a-000c41e2cdad" />
<affects>
<package>
<name>tiff</name>
<name>linux-tiff</name>
<range><lt>3.7.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>In an iDEFENSE Security Advisory infamous41md reports:</p>
<blockquote cite="http://www.idefense.com/application/poi/display?id=173&amp;type=vulnerabilities">
<p>Remote exploitation of an integer overflow in libtiff may
allow for the execution of arbitrary code.</p>
<p>The overflow occurs in the parsing of TIFF files set with
the STRIPOFFSETS flag in libtiff/tif_dirread.c. In the
TIFFFetchStripThing() function, the number of strips
(nstrips) is used directly in a CheckMalloc() routine
without sanity checking.</p>
</blockquote>
</body>
</description>
<references>
<bid>12075</bid>
<url>http://www.idefense.com/application/poi/display?id=173&amp;type=vulnerabilities</url>
</references>
<dates>
<discovery>2004-12-15</discovery>
<entry>2005-01-06</entry>
</dates>
</vuln> </vuln>
<vuln vid="bd9fc2bf-5ffe-11d9-a11a-000a95bc6fae"> <vuln vid="bd9fc2bf-5ffe-11d9-a11a-000a95bc6fae">
@ -3845,11 +3816,12 @@ http_access deny Gopher</pre>
<references> <references>
<certvu>687568</certvu> <certvu>687568</certvu>
<cvename>CAN-2004-0886</cvename> <cvename>CAN-2004-0886</cvename>
<url>http://www.idefense.com/application/poi/display?id=173&amp;type=vulnerabilities</url>
</references> </references>
<dates> <dates>
<discovery>2004-10-13</discovery> <discovery>2004-10-13</discovery>
<entry>2004-10-13</entry> <entry>2004-10-13</entry>
<modified>2005-01-08</modified> <modified>2005-01-13</modified>
</dates> </dates>
</vuln> </vuln>