http://bugzilla.maptools.org/show_bug.cgi?id=2811

openSUSE-SU-2019:1161

105342

[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update

USN-3906-1

Several vulnerabilities have been found in the TIFF library, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.

This update for tiff fixes the following issues :

Security issues fixed :

CVE-2019-14973: Fixed an improper check which was depended on the compiler which could have led to integer overflow (bsc#1146608).

CVE-2016-5102: Fixed a buffer overflow in readgifimage() (bsc#983268)

CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606).

CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626).

CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tiff fixes the following issues :

Security issues fixed :

  - CVE-2018-19210: Fixed a NULL pointer dereference in     TIFFWriteDirectorySec function (bsc#1115717). 

  - CVE-2018-17000: Fixed a NULL pointer dereference in the
    _TIFFmemcmp function (bsc#1108606).

  - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen     function in tif_unix.c (bsc#1121626).

  - CVE-2019-7663: Fixed an invalid address dereference in     the TIFFWriteDirectoryTagTransfer function in     libtiff/tif_dirwrite.c (bsc#1125113)

This update was imported from the SUSE:SLE-15:Update update project.

This update for tiff fixes the following issues :

Security issues fixed :

CVE-2018-19210: Fixed a NULL pointer dereference in TIFFWriteDirectorySec function (bsc#1115717).

CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606).

CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626).

CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Brief introduction 

CVE-2018-17000

A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) allows an attacker to cause a denial of service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.

CVE-2018-19210

There is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.

CVE-2019-7663

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.

We believe this is the same as CVE-2018-17000 (above).

For Debian 8 'Jessie', these problems have been fixed in version 4.0.3-12.3+deb8u8.

We recommend that you upgrade your tiff packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
136127	Debian DSA-4670-1 : tiff - security update	Nessus	Debian Local Security Checks	high
131308	SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2019:3058-1)	Nessus	SuSE Local Security Checks	high
123816	openSUSE Security Update : tiff (openSUSE-2019-1161)	Nessus	SuSE Local Security Checks	high
123497	SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2019:0786-1)	Nessus	SuSE Local Security Checks	high
122811	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : LibTIFF vulnerabilities (USN-3906-1)	Nessus	Ubuntu Local Security Checks	high
122265	Debian DLA-1680-1 : tiff security update	Nessus	Debian Local Security Checks	medium

CVE-2018-17000

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

high

high

high

high

medium