openSUSE-SU-2016:1889

openSUSE-SU-2016:2321

openSUSE-SU-2016:2375

DSA-3762

[oss-security] 20160615 CVE-2016-5316: libtiff 4.0.6  tif_pixarlog.c:  PixarLogCleanup() Segmentation fault

91203

GLSA-201701-16

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code.

There were additional vulnerabilities in the tools bmp2tiff, gif2tiff, thumbnail and ras2tiff, but since these were addressed by the libtiff developers by removing the tools altogether, no patches are available and those tools were also removed from the tiff package in Debian stable. The change had already been made in Debian stretch before and no applications included in Debian are known to rely on these scripts.
If you use those tools in custom setups, consider using a different conversion/thumbnailing tool.

The remote host is affected by the vulnerability described in GLSA-201701-16 (libTIFF: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libTIFF. Please review       the CVE identifier and bug reports referenced for details.
  Impact :

    A remote attacker could entice a user to process a specially crafted       image file, possibly resulting in execution of arbitrary code with the       privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

This update for tiff fixes the following issues :

  - CVE-2016-3622: Specially crafted TIFF images could     trigger a crash in tiff2rgba (bsc#974449)

  - Various out-of-bound write vulnerabilities with     unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095,     MSVR 35096, MSVR 35097, MSVR 35098)

  - CVE-2016-5314: Specially crafted TIFF images could     trigger a crash that could result in DoS (bsc#984831)

  - CVE-2016-5316: Specially crafted TIFF images could     trigger a crash in the rgb2ycbcr tool, leading to Doa     (bsc#984837)

  - CVE-2016-5317: Specially crafted TIFF images could     trigger a crash through an out of bound write     (bsc#984842)

  - CVE-2016-5320: Specially crafted TIFF images could     trigger a crash or potentially allow remote code     execution when using the rgb2ycbcr command (bsc#984808)

  - CVE-2016-5875: Specially crafted TIFF images could     trigger could allow arbitrary code execution     (bsc#987351)

  - CVE-2016-3623: Specially crafted TIFF images could     trigger a crash in rgb2ycbcr (bsc#974618)

  - CVE-2016-3945: Specially crafted TIFF images could     trigger a crash or allow for arbitrary command execution     via tiff2rgba (bsc#974614)

  - CVE-2016-3990: Specially crafted TIFF images could     trigger a crash or allow for arbitrary command execution     (bsc#975069)

  - CVE-2016-3186: Specially crafted TIFF imaged could     trigger a crash in the gif2tiff command via a buffer     overflow (bsc#973340)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tiff fixes the following issues :

  - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:
    Out-of-bounds writes for invalid images (bsc#964225)

  - CVE-2016-3186: Buffer overflow in gif2tiff (bnc#973340).

  - CVE-2016-5875: heap-based buffer overflow when using the     PixarLog compressionformat (bsc#987351)

  - CVE-2016-5316: Out-of-bounds read in PixarLogCleanup()     function in tif_pixarlog.c (bsc#984837)

  - CVE-2016-5314: Out-of-bounds write in PixarLogDecode()     function (bsc#984831)

  - CVE-2016-5317: Out-of-bounds write in PixarLogDecode()     function in libtiff.so (bsc#984842)

  - CVE-2016-5320: Out-of-bounds write in PixarLogDecode()     function in tif_pixarlog.c (bsc#984808)

This update for tiff fixes the following issues :

  - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:
    Out-of-bounds writes for invalid images (bsc#964225)

  - CVE-2016-3186: Buffer overflow in gif2tiff (bnc#973340).

  - CVE-2016-5875: heap-based buffer overflow when using the     PixarLog compressionformat (bsc#987351)

  - CVE-2016-5316: Out-of-bounds read in PixarLogCleanup()     function in tif_pixarlog.c (bsc#984837)

  - CVE-2016-5314: Out-of-bounds write in PixarLogDecode()     function (bsc#984831)

  - CVE-2016-5317: Out-of-bounds write in PixarLogDecode()     function in libtiff.so (bsc#984842)

  - CVE-2016-5320: Out-of-bounds write in PixarLogDecode()     function in tif_pixarlog.c (bsc#984808) 

This update was imported from the SUSE:SLE-12:Update update project.

This update for tiff fixes the following issues :

  - CVE-2015-8781, CVE-2015-8782, CVE-2015-8783:
    Out-of-bounds writes for invalid images (bsc#964225)

  - CVE-2016-3186: Buffer overflow in gif2tiff (bnc#973340).

  - CVE-2016-5875: heap-based buffer overflow when using the     PixarLog compressionformat (bsc#987351)

  - CVE-2016-5316: Out-of-bounds read in PixarLogCleanup()     function in tif_pixarlog.c (bsc#984837)

  - CVE-2016-5314: Out-of-bounds write in PixarLogDecode()     function (bsc#984831)

  - CVE-2016-5317: Out-of-bounds write in PixarLogDecode()     function in libtiff.so (bsc#984842)

  - CVE-2016-5320: Out-of-bounds write in PixarLogDecode()     function in tif_pixarlog.c (bsc#984808)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Version 3.9.6-11+deb7u1 and 3.9.6-11+deb7u2 introduced changes that resulted in libtiff writing out invalid tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image.

For Debian 7 'Wheezy', these problems have been fixed in version 3.9.6-11+deb7u3.

We recommend that you upgrade your tiff3 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were found in the tiff library, potentially causing denial of services to applications using it.

For Debian 7 'Wheezy', these problems have been fixed in version 4.0.2-6+deb7u6.

We recommend that you upgrade your tiff packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tiff fixes the following issues :

Security issues fixed :

  - CVE-2016-5314: Fixed an out-of-bounds write in     PixarLogDecode() function (boo#984831)

  - CVE-2016-5316: Fixed an out-of-bounds read in     PixarLogCleanup() function in tif_pixarlog.c     (boo#984837)

  - CVE-2016-5317: Fixed an out-of-bounds write in     PixarLogDecode() function in libtiff.so (boo#984842)

  - CVE-2016-5320: Fixed an out-of-bounds write in     PixarLogDecode() function in tif_pixarlog.c (boo#984808)

  - CVE-2016-5875: Fixed a heap-based buffer overflow when     using the PixarLog compressionformat (boo#987351)

Bugs fixed :

  - boo#964225: Fixed writes for invalid images (upstream     bug #2522)

ID	Name	Product	Family	Severity
97434	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 : tiff vulnerabilities (USN-3212-1)	Nessus	Ubuntu Local Security Checks	high
96495	Debian DSA-3762-1 : tiff - security update	Nessus	Debian Local Security Checks	high
96373	GLSA-201701-16 : libTIFF: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
94067	SUSE SLES11 Security Update : tiff (SUSE-SU-2016:2527-1)	Nessus	SuSE Local Security Checks	medium
93707	openSUSE Security Update : tiff (openSUSE-2016-1122)	Nessus	SuSE Local Security Checks	medium
93585	openSUSE Security Update : tiff (openSUSE-2016-1089)	Nessus	SuSE Local Security Checks	medium
93439	SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2016:2271-1)	Nessus	SuSE Local Security Checks	medium
93322	Debian DLA-610-2 : tiff3 regression update	Nessus	Debian Local Security Checks	high
93236	Debian DLA-606-1 : tiff security update	Nessus	Debian Local Security Checks	medium
92597	openSUSE Security Update : tiff (openSUSE-2016-911)	Nessus	SuSE Local Security Checks	medium

CVE-2016-5316

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins