http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html

http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

http://openwall.com/lists/oss-security/2015/01/24/15

http://support.apple.com/kb/HT204941

http://support.apple.com/kb/HT204942

http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt

https://bugzilla.redhat.com/show_bug.cgi?id=1185812

This update for tiff fixes the following security issues :

  - CVE-2017-5225: Prevent heap buffer overflow in the     tools/tiffcp that could have caused DoS or code     execution via a crafted BitsPerSample value     (bsc#1019611)

  - CVE-2018-7456: Prevent a NULL pointer dereference in the     function TIFFPrintDirectory when using the tiffinfo tool     to print crafted TIFF information, a different     vulnerability than CVE-2017-18013 (bsc#1082825)

  - CVE-2017-11613: Prevent denial of service in the     TIFFOpen function. During the TIFFOpen process,     td_imagelength is not checked. The value of     td_imagelength can be directly controlled by an input     file. In the ChopUpSingleUncompressedStrip function, the
    _TIFFCheckMalloc function is called based on     td_imagelength. If the value of td_imagelength is set     close to the amount of system memory, it will hang the     system or trigger the OOM killer (bsc#1082332)

  - CVE-2016-10266: Prevent remote attackers to cause a     denial of service (divide-by-zero error and application     crash) via a crafted TIFF image, related to     libtiff/tif_read.c:351:22 (bsc#1031263)

  - CVE-2018-8905: Prevent heap-based buffer overflow in the     function LZWDecodeCompat via a crafted TIFF file     (bsc#1086408)

  - CVE-2016-9540: Prevent out-of-bounds write on tiled     images with odd tile width versus image width     (bsc#1011839).

  - CVE-2016-9535: tif_predict.h and tif_predict.c had     assertions that could have lead to assertion failures in     debug mode, or buffer overflows in release mode, when     dealing with unusual tile size like YCbCr with     subsampling (bsc#1011846).

  - CVE-2016-9535: tif_predict.h and tif_predict.c had     assertions that could have lead to assertion failures in     debug mode, or buffer overflows in release mode, when     dealing with unusual tile size like YCbCr with     subsampling (bsc#1011846).

  - Removed assert in readSeparateTilesIntoBuffer() function     (bsc#1017689).

  - CVE-2016-10095: Prevent stack-based buffer overflow in     the _TIFFVGetField function that allowed remote     attackers to cause a denial of service (crash) via a     crafted TIFF file (bsc#1017690).

  - CVE-2016-8331: Prevent remote code execution because of     incorrect handling of TIFF images. A crafted TIFF     document could have lead to a type confusion     vulnerability resulting in remote code execution. This     vulnerability could have been be triggered via a TIFF     file delivered to the application using LibTIFF's tag     extension functionality (bsc#1007276).

  - CVE-2016-3632: The _TIFFVGetField function allowed     remote attackers to cause a denial of service     (out-of-bounds write) or execute arbitrary code via a     crafted TIFF image (bsc#974621).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tiff to version 4.0.9 fixes the following issues :

Security issues fixed :

  - CVE-2014-8128: Fix out-of-bounds read with malformed     TIFF image in multiple tools (bsc#969783).

  - CVE-2015-7554: Fix invalid write in tiffsplit /
    _TIFFVGetField (bsc#960341).

  - CVE-2016-10095: Fix stack-based buffer overflow in
    _TIFFVGetField (tif_dir.c) (bsc#1017690).

  - CVE-2016-5318: Fix stackoverflow in thumbnail     (bsc#983436).

  - CVE-2017-16232: Fix memory-based DoS in tiff2bw     (bsc#1069213).

This update was imported from the SUSE:SLE-12:Update update project.

This update for tiff to version 4.0.9 fixes the following issues:
Security issues fixed :

  - CVE-2014-8128: Fix out-of-bounds read with malformed     TIFF image in multiple tools (bsc#969783).

  - CVE-2015-7554: Fix invalid write in tiffsplit /
    _TIFFVGetField (bsc#960341).

  - CVE-2016-10095: Fix stack-based buffer overflow in
    _TIFFVGetField (tif_dir.c) (bsc#1017690).

  - CVE-2016-5318: Fix stackoverflow in thumbnail     (bsc#983436).

  - CVE-2017-16232: Fix memory-based DoS in tiff2bw     (bsc#1069213).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New libtiff packages are available for Slackware 14.2 and -current to fix security issues.

The remote host is affected by the vulnerability described in GLSA-201701-16 (libTIFF: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libTIFF. Please review       the CVE identifier and bug reports referenced for details.
  Impact :

    A remote attacker could entice a user to process a specially crafted       image file, possibly resulting in execution of arbitrary code with the       privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Version 4.0.2-6+deb7u7 introduced changes that resulted in libtiff being unable to write out tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image.

This problem manifested itself with errors like those: $ tiffcp -r 16
-c jpeg sample.tif out.tif _TIFFVGetField: out.tif: Invalid tag 'Predictor' (not supported by codec). _TIFFVGetField: out.tif: Invalid tag 'BadFaxLines' (not supported by codec). tiffcp:
tif_dirwrite.c:687: TIFFWriteDirectorySec: Assertion `0' failed.

For Debian 7 'Wheezy', these problems have been fixed in version 4.0.2-6+deb7u10.

We recommend that you upgrade your tiff packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Version 3.9.6-11+deb7u1 and 3.9.6-11+deb7u2 introduced changes that resulted in libtiff writing out invalid tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image.

For Debian 7 'Wheezy', these problems have been fixed in version 3.9.6-11+deb7u3.

We recommend that you upgrade your tiff3 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of iOS that is prior to version 8.4.0 and the following components contain vulnerabilities :

 - Application Store 
 - Certificate Trust Policy 
 - CFNetwork HTTPAuthentication 
 - CoreGraphics 
 - CoreText 
 - coreTLS 
 - DiskImages 
 - FontParser 
 - ImageIO 
 - Kernel 
 - Mail 
 - MobileInstallation 
 - Safari 
 - Security 
 - SQLite 
 - Telephony 
 - WebKit 
 - WiFi Connectivity

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.4 and the following components contain vulnerabilities :

  - Admin Framework 
-  afpserver 
 - apache 
 - AppleFSCompression 
 - AppleGraphicsControl 
 - AppleThunderboltEDMService 
 - ATS 
 - Bluetooth 
 - Certificate Trust Policy 
 - CFNetwork HTTPAuthentication 
 - CoreText 
 - coreTLS 
 - DiskImages 
 - Display Drivers 
 - EFI 
 - FontParser 
 - Graphics Driver 
 - ImageIO 
 - Install Framework Legacy 
 - Intel Graphics Driver 
 - IOAcceleratorFamily 
 - IOFireWireFamily 
 - Kernel 
 - kext tools 
 - Mail 
 - ntfs 
 - ntp 
 - OpenSSL 
 - QuickTime 
 - Security 
 - Spotlight 
 - SQLite 
 - System Stats 
 - TrueTypeScaler 
 - zip

LibTiff was updated to the 4.0.4 stable release fixing various security issues and bugs.

These security issues were fixed :

  - CVE-2014-8127: Out-of-bounds write (bnc#914890).

  - CVE-2014-8128: Out-of-bounds write (bnc#914890).

  - CVE-2014-8129: Out-of-bounds write (bnc#914890).

  - CVE-2014-8130: Out-of-bounds write (bnc#914890).

  - CVE-2014-9655: Access of uninitialized memory     (bnc#916927).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

tiff was updated to fix six security issues found by fuzzing initiatives.

These security issues were fixed :

  - CVE-2014-8127: Out-of-bounds write (bnc#914890).

  - CVE-2014-8128: Out-of-bounds write (bnc#914890).

  - CVE-2014-8129: Out-of-bounds write (bnc#914890).

  - CVE-2014-8130: Out-of-bounds write (bnc#914890).

  - CVE-2014-9655: Access of uninitialized memory     (bnc#916927).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

tiff was updated to version 4.0.4 to fix six security issues found by fuzzing initiatives.

These security issues were fixed :

  - CVE-2014-8127: Out-of-bounds write (bnc#914890).

  - CVE-2014-9655: Access of uninitialized memory     (bnc#916927).

  - CVE-2014-8130: Out-of-bounds write (bnc#914890).

  - CVE-2015-1547: Use of uninitialized memory in NeXTDecode     (bnc#916925).

  - CVE-2014-8129: Out-of-bounds write (bnc#914890).

  - CVE-2014-8128: Out-of-bounds write (bnc#914890).

The mobile device is running a version of iOS prior to version 8.4. It is, therefore, affected by vulnerabilities in the following components :

  - Application Store
  - Certificate Trust Policy
  - CFNetwork HTTPAuthentication
  - CoreGraphics
  - CoreText
  - coreTLS
  - DiskImages
  - FontParser
  - ImageIO
  - Kernel
  - Mail
  - MobileInstallation
  - Safari
  - Security
  - SQLite
  - Telephony
  - WebKit
  - WiFi Connectivity

William Robinet and Michal Zalewski discovered multiple vulnerabilities in the TIFF library and its tools, which may result in denial of service or the execution of arbitrary code if a malformed TIFF file is processed.

Several vulnerabilities have been discovered in the LibTIFF library and utilities for the Tag Image File Format. These could lead to a denial of service, information disclosure or privilege escalation.

CVE-2014-8128

William Robinet discovered that out-of-bounds writes are triggered in several of the LibTIFF utilities when processing crafted TIFF files.
Other applications using LibTIFF are also likely to be affected in the same way.

CVE-2014-8129

William Robinet discovered that out-of-bounds reads and writes are triggered in tiff2pdf when processing crafted TIFF files. Other applications using LibTIFF are also likely to be affected in the same way.

CVE-2014-9330

Paris Zoumpouloglou discovered that out-of-bounds reads and writes are triggered in bmp2tiff when processing crafted BMP files.

CVE-2014-9655

Michal Zalewski discovered that out-of-bounds reads and writes are triggered in LibTIFF when processing crafted TIFF files.

For the oldoldstable distribution (squeeze), these problems have been fixed in version 3.9.4-5+squeeze12.

For the oldstable distribution (wheezy), these problems will be fixed soon.

The stable distribution (jessie) was not affected by these problems as they were fixed before release.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic patch has been temporarily backed out until a more complete fix is available.

We apologize for the inconvenience.

William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130)

Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. (CVE-2014-9330)

Michal Zalewski discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-9655).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130)

Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service.
(CVE-2014-9330)

Michal Zalewski discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2014-9655).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated libtiff packages fix security vulnerabilities :

The libtiff image decoder library contains several issues that could cause the decoder to crash when reading crafted TIFF images (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-9655, CVE-2015-1547).

LibTIFF was updated fix various security issues that could lead to crashes of the image decoder. (CVE-2014-9655, CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2015-1547)

ID	Name	Product	Family	Severity
110803	SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1835-1)	Nessus	SuSE Local Security Checks	high
106060	openSUSE Security Update : tiff (openSUSE-2018-31)	Nessus	SuSE Local Security Checks	high
106043	SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:0073-1)	Nessus	SuSE Local Security Checks	high
104702	Slackware 14.2 / current : libtiff (SSA:2017-324-01)	Nessus	Slackware Local Security Checks	medium
96373	GLSA-201701-16 : libTIFF: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
94474	Debian DLA-693-2 : tiff regression update	Nessus	Debian Local Security Checks	high
93322	Debian DLA-610-2 : tiff3 regression update	Nessus	Debian Local Security Checks	high
8977	Apple iOS < 8.4 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
8801	Mac OS X < 10.10.4 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
85762	SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2015:1475-1)	Nessus	SuSE Local Security Checks	medium
85597	SUSE SLED11 / SLES11 Security Update : tiff (SUSE-SU-2015:1420-1)	Nessus	SuSE Local Security Checks	medium
84655	openSUSE Security Update : tiff (openSUSE-2015-476)	Nessus	SuSE Local Security Checks	medium
84490	Apple iOS < 8.4 Multiple Vulnerabilities (Logjam)	Nessus	Mobile Devices	high
83820	Debian DSA-3273-1 : tiff - security update	Nessus	Debian Local Security Checks	medium
83499	Debian DLA-221-1 : tiff security update	Nessus	Debian Local Security Checks	medium
82525	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : tiff regression (USN-2553-2)	Nessus	Ubuntu Local Security Checks	medium
82497	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : tiff vulnerabilities (USN-2553-1)	Nessus	Ubuntu Local Security Checks	medium
82400	Mandriva Linux Security Advisory : libtiff (MDVSA-2015:147-1)	Nessus	Mandriva Local Security Checks	medium
81719	openSUSE Security Update : tiff (openSUSE-2015-207)	Nessus	SuSE Local Security Checks	medium

CVE-2014-8128

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins