CVE-2011-1167 (libtiff 3.9.4 in 3rdparty) (Bug #1271)
| Status: | Done | Start date: | |
|---|---|---|---|
| Priority: | High | Due date: | |
| Assignee: |  Vadim Pisarevsky |
% Done: | 0% |
| Category: | highgui-images | ||
| Target version: | 2.4.0 | ||
| Affected version: | Operating System: | ||
| Difficulty: | HW Platform: | ||
| Pull request: |
Description
libtiff 3.9.4 is used in opencv and is vulnerable to cve-2001-1167 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1167 . It is fixed in libtiff 3.9.5. You can see a patch for the vuln at http://bugzilla.maptools.org/attachment.cgi?id=446&action=diff which is not present in https://code.ros.org/trac/opencv/browser/trunk/opencv/3rdparty/libtiff/tif_thunder.c
This is a similar vulnerability to some that were previously fixed in #585
Associated revisions
updated libtiff to 3.9.5 (ticket #1271)
History
Updated by Vadim Pisarevsky over 13 years ago
libtiff upgraded to 3.9.5 in r6300.
- Status changed from Open to Done
- (deleted custom field) set to fixed
Updated by Andrey Kamaev almost 13 years ago
- Description changed from libtiff 3.9.4 is used in opencv and is vulnerable to cve-2001-1167 http://web... to libtiff 3.9.4 is used in opencv and is vulnerable to cve-2001-1167 http://web... More
Updated by Andrey Kamaev almost 13 years ago
- Target version set to 2.4.0
- Category set to highgui-images