Bug 20528 - CVE-2009-2285 LZWDecodeCompat buffer underflow
Summary: CVE-2009-2285 LZWDecodeCompat buffer underflow
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: libtiff (show other bugs)
Version: unstable
Hardware: all Linux
: P3 critical
Assignee: Vladimir D. Seleznev
QA Contact: qa-sisyphus
URL: http://bugzilla.maptools.org/show_bug...
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-06-22 07:56 MSD by Vladimir Lettiev
Modified: 2009-07-01 21:31 MSD (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-06-22 07:56:20 MSD 
Обнаружена ошибка в коде функции LZWDecodeCompat в tif_lzw.c, приводящая к краху приложения при обработке специально-сформированного изображения.

Предложен патч, исправляющий ошибку: http://bugzilla.maptools.org/attachment.cgi?id=314
Comment 1 Repository Robot 2009-06-24 14:14:57 MSD 
libtiff-3.8.2-alt4 -> sisyphus:

* Tue Jun 23 2009 Dmitry V. Levin <ldv@altlinux> 3.8.2-alt4

- Backported fix for buffer underflow bug in LZWDecodeCompat (closes: #20528).