libtiff-tools: tiff2pdf segfault

Debian Bug report logs - #370355
libtiff-tools: tiff2pdf segfault

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: gpe92 <gpe92@free.fr>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: libtiff-tools: tiff2pdf segfault

Date: Sun, 04 Jun 2006 21:11:48 +0200

Package: libtiff-tools
Version: 3.8.2-3
Severity: important

I've a segfault with tiff2pdf when I try to convert a tiff file with a
DocumentName tag which contains utf-8 characters.
Here's a faulty tiffinfo output:

TIFF Directory at offset 0x7d2758 (8202072)
  Subfile Type: (0 = 0x0)
  Image Width: 2444 Image Length: 3356
  Resolution: 300, 300 pixels/inch
  Bits/Sample: 8
  Compression Scheme: None
  Photometric Interpretation: min-is-black
  Orientation: row 0 top, col 0 lhs
  Samples/Pixel: 1
  Rows/Strip: 64
  Planar Configuration: single image plane
  DocumentName: /home/gpe/Documents/Spéléo/Lot/CDS46/Bulletins/Bull. n°7/Bulletin_CDS46_07_001.tiff

With the same file but with the DocumentName tag without utf-8 characters
there is no problem.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-k7
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

Versions of packages libtiff-tools depends on:
ii  libc6                         2.3.6-7    GNU C Library: Shared libraries
ii  libjpeg62                     6b-13      The Independent JPEG Group's JPEG 
ii  libtiff4                      3.8.2-3    Tag Image File Format (TIFF) libra
ii  zlib1g                        1:1.2.3-11 compression library - runtime

libtiff-tools recommends no packages.

-- no debconf information

Message #10 received at 370355@bugs.debian.org (full text, mbox, reply):

From: Jay Berkenbilt <qjb@debian.org>

To: gpe92 <gpe92@free.fr>

Cc: 370355@bugs.debian.org, control@bugs.debian.org

Subject: Re: Bug#370355: libtiff-tools: tiff2pdf segfault

Date: Mon, 05 Jun 2006 20:12:16 -0400

forwarded 370355 http://bugzilla.remotesensing.org/show_bug.cgi?id=1196
thanks

gpe92 <gpe92@free.fr> wrote:

> I've a segfault with tiff2pdf when I try to convert a tiff file with a
> DocumentName tag which contains utf-8 characters.

I have successfully reproduced this problem and reported it upstream.
They are usually pretty responsive about fixing problems, so hopefully
we will have a fix soon.  Thanks for your report.

-- 
Jay Berkenbilt <qjb@debian.org>

Message #17 received at 370355@bugs.debian.org (full text, mbox, reply):

From: Martin Pitt <martin.pitt@ubuntu.com>

To: 370355@bugs.debian.org

Subject: patch and CVE number

Date: Wed, 7 Jun 2006 15:23:55 +0200

[Message part 1 (text/plain, inline)]

Hi!

This has been assigned CVE-2006-2193. This is the Ubuntu patch:

  http://patches.ubuntu.com/patches/tiff.tiff2pdf-octal-printf.patch

which fixes the sprintf to use a char-sized number instead of an
integer-sized, so that e. g. -1 ends up as \377 instead of
\37777777777, and the 5-byte buffer isn't overflown.

(Patch contains our changelog in the header).

Thanks,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.