This is the mail archive of the cygwin-apps mailing list for the Cygwin project.



Re: SECURITY: tiff


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yaakov S (Cygwin Ports) wrote:
> Yaakov S (Cygwin Ports) wrote:
>>>>> Multiple vulnerabilities, ranging from integer overflows and NULL
>>>>> pointer dereferences to double frees, were reported in libTIFF.
> 
> And now, there's more:
> 
> A buffer overflow has been found in the t2p_write_pdf_string function in
> tiff2pdf, which can be triggered with a TIFF file containing a
> DocumentName tag with UTF-8 characters. An additional buffer overflow
> has been found in the handling of the parameters in tiffsplit.

This has been hanging for two months already, so I went ahead and added
this to Cygwin Ports CVS[1], in module ports/libs/tiff.  I hope our
maintainer (Charles?) will be able to roll this out ASAP.

[1] http://sourceforge.net/cvs/?group_id=99645


Yaakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEvqVvpiWmPGlmQSMRAoeVAKDbsuue7fRRdkGst/o7m6TFXxb6gQCdHc5g
1dmXgL18cqu7H0uhOdiW5Pg=
=FGvD
-----END PGP SIGNATURE-----

