[oss-security] 20160427 3 bugs refer to buffer overflow in in libtiff 4.0.6

[oss-security] 20160606 3 bugs refer to buffer overflow in in libtiff 4.0.6

88604

GLSA-201701-16

This update for tiff fixes the following issues :

Security issues fixed :

CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672).

CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257).

CVE-2017-9147: Fixed invalid read in the _TIFFVGetField function in tif_dir.c, that allowed remote attackers to cause a DoS via acrafted TIFF file (bsc#1040322).

CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values (bsc#1040080).

CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS (bsc#1074186).

CVE-2016-9273: Fixed heap-based buffer overflow issue (bsc#1010163).

CVE-2016-5319: Fixed heap-based buffer overflow in PackBitsEncode (bsc#983440).

CVE-2016-3621: Fixed out-of-bounds read in the bmp2tiff tool (lzw packing) (bsc#974448).

CVE-2016-3620: Fixed out-of-bounds read in the bmp2tiff tool (zip packing) (bsc#974447)

CVE-2016-3619: Fixed out-of-bounds read in the bmp2tiff tool (none packing) (bsc#974446)

CVE-2015-8870: Fixed integer overflow in tools/bmp2tiff.c that allowed remote attackers to causea DOS (bsc#1014461).

Non-security issues fixed: asan_build: build ASAN included

debug_build: build more suitable for debugging

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tiff fixes the following issues :

Security issues fixed :

  - CVE-2018-10779: Fixed a heap-based buffer overflow in     TIFFWriteScanline() in tif_write.c (bsc#1092480)

  - CVE-2017-17942: Fixed a heap-based buffer overflow in     the function PackBitsEncode in tif_packbits.c.
    (bsc#1074186)

  - CVE-2016-5319: Fixed a beap-based buffer overflow in     bmp2tiff (bsc#983440)

This update was imported from the SUSE:SLE-12:Update update project.

This update for tiff fixes the following issues :

Security issues fixed :

CVE-2018-10779: Fixed a heap-based buffer overflow in TIFFWriteScanline() in tif_write.c (bsc#1092480)

CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. (bsc#1074186)

CVE-2016-5319: Fixed a beap-based buffer overflow in bmp2tiff (bsc#983440)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tiff fixes the following issues :

The following security vulnerabilities were addressed :

CVE-2015-8668: Fixed a heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff, which allowed remote attackers to execute arbitrary code or cause a denial of service via a large width field in a specially crafted BMP image.
(bsc#960589)

CVE-2018-10779: Fixed a heap-based buffer over-read in TIFFWriteScanline() in tif_write.c (bsc#1092480)

CVE-2017-17942: Fixed a heap-based buffer overflow in the function PackBitsEncode in tif_packbits.c. (bsc#1074186)

CVE-2016-5319: Fixed a beap-based buffer overflow in bmp2tiff (bsc#983440)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201701-16 (libTIFF: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libTIFF. Please review       the CVE identifier and bug reports referenced for details.
  Impact :

    A remote attacker could entice a user to process a specially crafted       image file, possibly resulting in execution of arbitrary code with the       privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Version 4.0.2-6+deb7u7 introduced changes that resulted in libtiff being unable to write out tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image.

This problem manifested itself with errors like those: $ tiffcp -r 16
-c jpeg sample.tif out.tif _TIFFVGetField: out.tif: Invalid tag 'Predictor' (not supported by codec). _TIFFVGetField: out.tif: Invalid tag 'BadFaxLines' (not supported by codec). tiffcp:
tif_dirwrite.c:687: TIFFWriteDirectorySec: Assertion `0' failed.

For Debian 7 'Wheezy', these problems have been fixed in version 4.0.2-6+deb7u10.

We recommend that you upgrade your tiff packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
119143	SUSE SLES11 Security Update : tiff (SUSE-SU-2018:3879-1)	Nessus	SuSE Local Security Checks	critical
117798	openSUSE Security Update : tiff (openSUSE-2018-1056)	Nessus	SuSE Local Security Checks	high
117698	SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:2836-1)	Nessus	SuSE Local Security Checks	high
117448	SUSE SLES11 Security Update : tiff (SUSE-SU-2018:2676-1)	Nessus	SuSE Local Security Checks	critical
96373	GLSA-201701-16 : libTIFF: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
94474	Debian DLA-693-2 : tiff regression update	Nessus	Debian Local Security Checks	critical

CVE-2016-5319

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

high

high

critical

critical

critical