http://packetstormsecurity.com/files/135080/libtiff-4.0.6-Heap-Overflow.html

RHSA-2016:1546

RHSA-2016:1547

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

20151228 libtiff bmp file Heap Overflow (CVE-2015-8668)

GLSA-201701-16

This update for tiff fixes the following issues :

The following security vulnerabilities were addressed :

CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of service via a large width field in a specially crafted BMP image.
(bsc#960589)

CVE-2018-10779: Fixed a heap-based buffer over-read in TIFFWriteScanline() in tif_write.c (bsc#1092480)

CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. (bsc#1074186)

CVE-2016-5319: Fixed a beap-based buffer overflow in bmp2tiff (bsc#983440)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3212-1 and USN-3212-2 fixed a vulnerabilitiy in LibTIFF. This update provides a subset of corresponding update for Ubuntu 12.04 ESM.

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the compat-libtiff3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The (1) putcontig8bitYCbCr21tile function in     tif_getimage.c or (2) NeXTDecode function in tif_next.c     in LibTIFF allows remote attackers to cause a denial of     service (uninitialized memory access) via a crafted     TIFF image, as demonstrated by libtiff-cvs-1.tif and     libtiff-cvs-2.tif.(CVE-2014-8127,CVE-2014-8129,CVE-2014
    -8130,CVE-2014-9655)

  - A flaw was discovered in the bmp2tiff utility. By     tricking a user into processing a specially crafted     file, a remote attacker could exploit this flaw to     cause a crash or memory corruption and, possibly,     execute arbitrary code with the privileges of the user     running the libtiff     tool.(CVE-2014-9330,CVE-2015-7554,CVE-2015-8668,CVE-201     5-8665,CVE-2015-8781,CVE-2016-3632,CVE-2016-3945,CVE-20     16-3990,CVE-2016-3991,CVE-2016-5320,CVE-2016-5652,CVE-2     015-8683)

  - tools/tiffcp.c in libtiff has an out-of-bounds write on     tiled images with odd tile width versus image width.
    Reported as MSVR 35103, aka 'cpStripToTile     heap-buffer-overflow.'(CVE-2016-9540)

  - tif_predict.h and tif_predict.c in libtiff have     assertions that can lead to assertion failures in debug     mode, or buffer overflows in release mode, when dealing     with unusual tile size like YCbCr with subsampling.
    Reported as MSVR 35105, aka 'Predictor     heap-buffer-overflow.'(CVE-2016-9535,CVE-2016-9533,CVE-     2016-9534,CVE-2016-9536,CVE-2016-9537)

  - The NeXTDecode function in tif_next.c in LibTIFF allows     remote attackers to cause a denial of service     (uninitialized memory access) via a crafted TIFF image,     as demonstrated by libtiff5.tif.(CVE-2015-1547)

  - The NeXTDecode function in tif_next.c in LibTIFF allows     remote attackers to cause a denial of service     (out-of-bounds write) via a crafted TIFF image, as     demonstrated by libtiff5.tif.(CVE-2015-8784)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libtiff packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Multiple flaws have been discovered in libtiff. A     remote attacker could exploit these flaws to cause a     crash or memory corruption and, possibly, execute     arbitrary code by tricking an application linked     against libtiff into processing specially crafted     files.(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784,     CVE-2015-8683, CVE-2015-8665, CVE-2015-8781,     CVE-2015-8782, CVE-2015-8783, CVE-2016-3990,     CVE-2016-5320)

  - Multiple flaws have been discovered in various libtiff     tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf,     tiffcrop, tiffdither, tiffsplit, tiff2rgba). By     tricking a user into processing a specially crafted     file, a remote attacker could exploit these flaws to     cause a crash or memory corruption and, possibly,     execute arbitrary code with the privileges of the user     running the libtiff tool.(CVE-2014-8127, CVE-2014-8129,     CVE-2014-8130, CVE-2014-9330, CVE-2015-7554,     CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,     CVE-2016-3991)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201701-16 (libTIFF: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libTIFF. Please review       the CVE identifier and bug reports referenced for details.
  Impact :

    A remote attacker could entice a user to process a specially crafted       image file, possibly resulting in execution of arbitrary code with the       privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Version 4.0.2-6+deb7u7 introduced changes that resulted in libtiff being unable to write out tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image.

This problem manifested itself with errors like those: $ tiffcp -r 16
-c jpeg sample.tif out.tif _TIFFVGetField: out.tif: Invalid tag 'Predictor' (not supported by codec). _TIFFVGetField: out.tif: Invalid tag 'BadFaxLines' (not supported by codec). tiffcp:
tif_dirwrite.c:687: TIFFWriteDirectorySec: Assertion `0' failed.

For Debian 7 'Wheezy', these problems have been fixed in version 4.0.2-6+deb7u10.

We recommend that you upgrade your tiff packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655 , CVE-2015-1547 , CVE-2015-8784 , CVE-2015-8683 , CVE-2015-8665 , CVE-2015-8781 , CVE-2015-8782 , CVE-2015-8783 , CVE-2016-3990 , CVE-2016-5320)

Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127 , CVE-2014-8129 , CVE-2014-8130 , CVE-2014-9330 , CVE-2015-7554 , CVE-2015-8668 , CVE-2016-3632 , CVE-2016-3945 , CVE-2016-3991)

Security Fix(es) :

  - Multiple flaws have been discovered in libtiff. A remote     attacker could exploit these flaws to cause a crash or     memory corruption and, possibly, execute arbitrary code     by tricking an application linked against libtiff into     processing specially crafted files. (CVE-2014-9655,     CVE-2015-1547, CVE-2015-8784, CVE-2015-8683,     CVE-2015-8665, CVE-2015-8781, CVE-2015-8782,     CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

  - Multiple flaws have been discovered in various libtiff     tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf,     tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking     a user into processing a specially crafted file, a     remote attacker could exploit these flaws to cause a     crash or memory corruption and, possibly, execute     arbitrary code with the privileges of the user running     the libtiff tool. (CVE-2014-8127, CVE-2014-8129,     CVE-2014-8130, CVE-2014-9330, CVE-2015-7554,     CVE-2015-8668, CVE-2016-3632, CVE-2016-3945,     CVE-2016-3991)

An update for libtiff is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es) :

* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

An update for libtiff is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es) :

* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

The remote OracleVM system is missing necessary patches to address critical security updates :

  - Update patch for (CVE-2014-8127)

  - Related: #1335099

  - Fix patches for (CVE-2016-3990, CVE-2016-5320)

  - Related: #1335099

  - Add patches for CVEs :

  - CVE-2016-3632 CVE-2016-3945 (CVE-2016-3990)

  - CVE-2016-3991 (CVE-2016-5320)

  - Related: #1335099

  - Update patch for (CVE-2014-8129)

  - Related: #1335099

  - Merge previously released fixes for CVEs :

  - CVE-2013-1960 CVE-2013-1961 (CVE-2013-4231)

  - CVE-2013-4232 CVE-2013-4243 (CVE-2013-4244)

  - Resolves: #1335099

  - Patch typos in (CVE-2014-8127)

  - Related: #1299919

  - Fix CVE-2014-8127 and CVE-2015-8668 patches

  - Related: #1299919

  - Fixed patches on preview CVEs

  - Related: #1299919

  - This resolves several CVEs

  - CVE-2014-8127, CVE-2014-8129, (CVE-2014-8130)

  - CVE-2014-9330, CVE-2014-9655, (CVE-2015-8781)

  - CVE-2015-8784, CVE-2015-1547, (CVE-2015-8683)

  - CVE-2015-8665, CVE-2015-7554, (CVE-2015-8668)

  - Resolves: #1299919

From Red Hat Security Advisory 2016:1547 :

An update for libtiff is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es) :

* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

From Red Hat Security Advisory 2016:1546 :

An update for libtiff is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es) :

* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
(CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
(CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

ID	Name	Product	Family	Severity
117448	SUSE SLES11 Security Update : tiff (SUSE-SU-2018:2676-1)	Nessus	SuSE Local Security Checks	high
101833	Ubuntu 12.04 LTS : tiff vulnerabilities (USN-3212-3)	Nessus	Ubuntu Local Security Checks	high
99889	EulerOS 2.0 SP1 : compat-libtiff3 (EulerOS-SA-2017-1044)	Nessus	Huawei Local Security Checks	high
99888	EulerOS 2.0 SP2 : compat-libtiff3 (EulerOS-SA-2017-1043)	Nessus	Huawei Local Security Checks	high
99797	EulerOS 2.0 SP1 : libtiff (EulerOS-SA-2016-1034)	Nessus	Huawei Local Security Checks	high
97434	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : tiff vulnerabilities (USN-3212-1)	Nessus	Ubuntu Local Security Checks	high
96373	GLSA-201701-16 : libTIFF: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
94474	Debian DLA-693-2 : tiff regression update	Nessus	Debian Local Security Checks	high
93011	Amazon Linux AMI : libtiff (ALAS-2016-733)	Nessus	Amazon Linux Local Security Checks	high
92720	Scientific Linux Security Update : libtiff on SL7.x x86_64 (20160802)	Nessus	Scientific Linux Local Security Checks	high
92698	Scientific Linux Security Update : libtiff on SL6.x i386/x86_64 (20160802)	Nessus	Scientific Linux Local Security Checks	high
92697	RHEL 6 : libtiff (RHSA-2016:1547)	Nessus	Red Hat Local Security Checks	high
92696	RHEL 7 : libtiff (RHSA-2016:1546)	Nessus	Red Hat Local Security Checks	high
92691	OracleVM 3.3 / 3.4 : libtiff (OVMSA-2016-0093)	Nessus	OracleVM Local Security Checks	high
92690	Oracle Linux 6 : libtiff (ELSA-2016-1547)	Nessus	Oracle Linux Local Security Checks	high
92689	Oracle Linux 7 : libtiff (ELSA-2016-1546)	Nessus	Oracle Linux Local Security Checks	high
92682	CentOS 6 : libtiff (CESA-2016:1547)	Nessus	CentOS Local Security Checks	high
92681	CentOS 7 : libtiff (CESA-2016:1546)	Nessus	CentOS Local Security Checks	high

CVE-2015-8668

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins