diff options
| author | simon <simon@FreeBSD.org> | 2005-07-30 23:48:06 +0800 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2005-07-30 23:48:06 +0800 |
| commit | 12a2732bfbf85f90787e562d8071bfc09a6a5c6b (patch) | |
| tree | 96cc893b0f327e05fe35a1bc3544336dd6d3b607 /security/vuxml | |
| parent | 8dd8c64da6ca795e4c799f4c5019004b54387853 (diff) | |
| download | freebsd-ports-graphics-12a2732bfbf85f90787e562d8071bfc09a6a5c6b.tar.gz freebsd-ports-graphics-12a2732bfbf85f90787e562d8071bfc09a6a5c6b.tar.zst freebsd-ports-graphics-12a2732bfbf85f90787e562d8071bfc09a6a5c6b.zip | |
Document tiff -- buffer overflow vulnerability.
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 12df54d8c44..ba770040e05 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,45 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="68222076-010b-11da-bc08-0001020eed82"> + <topic>tiff -- buffer overflow vulnerability</topic> + <affects> + <package> + <name>tiff</name> + <name>linux-tiff</name> + <range><lt>3.7.3</lt></range> + </package> + <package> + <name>pdflib</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Gentoo Linux Security Advisory reports:</p> + <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml"> + <p>Tavis Ormandy of the Gentoo Linux Security Audit Team + discovered a stack based buffer overflow in the libTIFF + library when reading a TIFF image with a malformed + BitsPerSample tag.</p> + <p>Successful exploitation would require the victim to open + a specially crafted TIFF image, resulting in the execution + of arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2005-1544</cvename> + <url>http://bugzilla.remotesensing.org/show_bug.cgi?id=843</url> + <url>http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml</url> + <url>http://www.remotesensing.org/libtiff/v3.7.3.html</url> + </references> + <dates> + <discovery>2005-05-10</discovery> + <entry>2005-07-30</entry> + </dates> + </vuln> + <vuln vid="934b1de4-00d7-11da-bc08-0001020eed82"> <topic>opera -- image dragging vulnerability</topic> <affects> |