Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:7290
HistoryDec 06, 2004 - 12:00 a.m.

[Full-Disclosure] [ GLSA 200412-02 ] PDFlib: Multiple overflows in the included TIFF library

2004-12-0600:00:00
vulners.com
13
JSON

Gentoo Linux Security Advisory GLSA 200412-02

                                        http://security.gentoo.org/

Severity: Normal
Title: PDFlib: Multiple overflows in the included TIFF library
Date: December 05, 2004
Bugs: #69043
ID: 200412-02

Synopsis

PDFlib is vulnerable to multiple overflows, which can potentially lead
to the execution of arbitrary code.

Background

PDFlib is a library providing functions to handle PDF files. It
includes a modified TIFF library used to process TIFF images.

Affected packages

-------------------------------------------------------------------
 Package            /  Vulnerable  /                    Unaffected
-------------------------------------------------------------------

1 media-libs/pdflib < 5.0.4_p1 >= 5.0.4_p1

Description

The TIFF library is subject to several known vulnerabilities (see GLSA
200410-11). Most of these overflows also apply to PDFlib.

Impact

A remote attacker could entice a user or web application to process a
carefully crafted PDF file or TIFF image using a PDFlib-powered
program. This can potentially lead to the execution of arbitrary code
with the rights of the program processing the file.

Workaround

There is no known workaround at this time.

Resolution

All PDFlib users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/pdflib-5.0.4_p1&quot;

References

[ 1 ] PDFlib ChangeLog
http://www.pdflib.com/products/pdflib/info/PDFlib-5.0.4p1-changes.txt
[ 2 ] CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
[ 3 ] CAN-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
[ 4 ] CAN-2004-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
[ 5 ] GLSA 200410-11
http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200412-02.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Related

openvas 26
gentoo 3
slackware 1
cert 4
securityvulns 3
nessus 22
debian 2
osv 1
redhat 3
centos 3
suse 2
freebsd 3
cvelist 3
ubuntucve 4
cve 4
debiancve 4
openvas
openvas
Gentoo Security Advisory GLSA 200412-02 (PDFlib)
2008-09-24 00:00:00
Debian Security Advisory DSA 567-1 (tiff)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200412-17 (kfax)
2008-09-24 00:00:00
gentoo
gentoo
kfax: Multiple overflows in the included TIFF library
2004-12-19 00:00:00
PDFlib: Multiple overflows in the included TIFF library
2004-12-05 00:00:00
tiff: Buffer overflows in image decoding
2004-10-13 00:00:00
slackware
slackware
[slackware-security] libtiff
2004-11-01 08:00:50
cert
cert
LibTIFF contains multiple heap-based buffer overflows
2004-12-01 00:00:00
LibTIFF contains multiple integer overflows
2004-12-01 00:00:00
LibTIFF vulnerable to denial-of-service condition
2004-12-01 00:00:00
securityvulns
securityvulns
MDKSA-2004:111 - Updated wxGTK2 packages fix vulnerabilities
2004-10-22 00:00:00
KDE Security Advisory: kfax libtiff vulnerabilities
2004-12-10 00:00:00
[ GLSA 200410-11 ] tiff: Buffer overflows in image decoding
2004-10-15 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : wxGTK2 (MDKSA-2004:111)
2007-02-18 00:00:00
Mandrake Linux Security Advisory : libtiff (MDKSA-2004:109)
2004-10-20 00:00:00
GLSA-200412-02 : PDFlib: Multiple overflows in the included TIFF library
2004-12-05 00:00:00
debian
debian
[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution
2004-10-15 17:51:16
[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution
2004-10-15 00:00:00
osv
osv
tiff - heap overflows
2004-10-15 00:00:00
redhat
redhat
(RHSA-2004:577) libtiff security update
2004-10-22 00:00:00
(RHSA-2005:354) tetex security update
2005-04-01 00:00:00
(RHSA-2005:021) kdegraphics security update
2005-04-12 00:00:00
centos
centos
kdegraphics security update
2005-04-12 16:01:20
tetex security update
2005-04-01 21:29:55
kdegraphics security update
2005-04-12 23:05:10
suse
suse
remote denial of service in kernel
2004-10-21 07:52:50
local privilege escalation in libtiff
2004-10-22 14:52:41
freebsd
freebsd
tiff -- multiple integer overflows
2004-10-13 00:00:00
tiff -- RLE decoder heap overflows
2004-10-13 00:00:00
tiff -- divide-by-zero denial-of-service
2002-03-27 00:00:00
cvelist
cvelist
CVE-2004-0886
2004-10-26 04:00:00
CVE-2004-0803
2004-10-26 04:00:00
CVE-2004-0804
2004-10-16 04:00:00
ubuntucve
ubuntucve
CVE-2004-0886
2005-01-27 00:00:00
CVE-2004-0803
2004-12-23 00:00:00
CVE-2005-2452
2005-08-03 00:00:00
cve
cve
CVE-2004-0886
2005-01-27 05:00:00
CVE-2004-0803
2004-12-23 05:00:00
CVE-2004-0804
2004-11-03 05:00:00
debiancve
debiancve
CVE-2004-0886
2005-01-27 05:00:00
CVE-2004-0803
2004-12-23 05:00:00
CVE-2004-0804
2004-11-03 05:00:00
JSON
Related for SECURITYVULNS:DOC:7290
openvas26gentoo3slackware1cert4securityvulns3nessus22debian2osv1redhat3centos3suse2freebsd3cvelist3ubuntucve4cve4debiancve4