http://bugzilla.maptools.org/show_bug.cgi?id=2816

105445

https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2018-17795

This update for tiff fixes the following issues :

Security issue fixed :

  - CVE-2018-10779: TIFFWriteScanline in tif_write.c had a     heap-based buffer over-read, as demonstrated by     bmp2tiff.(bsc#1092480)

  - CVE-2018-17100: There is a int32 overflow in multiply_ms     in tools/ppm2tiff.c, which can cause a denial of service     (crash) or possibly have unspecified other impact via a     crafted image file. (bsc#1108637)

  - CVE-2018-17101: There are two out-of-bounds writes in     cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can     cause a denial of service (application crash) or     possibly have unspecified other impact via a crafted     image file. (bsc#1108627)

  - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c     allowed remote attackers to cause a denial of service     (heap-based buffer overflow and application crash) or     possibly have unspecified other impact via a crafted     TIFF file, a similar issue to CVE-2017-9935.
    (bsc#1110358)

  - CVE-2018-16335: newoffsets handling in     ChopUpSingleUncompressedStrip in tif_dirread.c allowed     remote attackers to cause a denial of service     (heap-based buffer overflow and application crash) or     possibly have unspecified other impact via a crafted     TIFF file, as demonstrated by tiff2pdf. This is a     different vulnerability than CVE-2018-15209.
    (bsc#1106853)

This update was imported from the SUSE:SLE-15:Update update project.

This update for tiff fixes the following issues :

Security issue fixed :

CVE-2018-10779: TIFFWriteScanline in tif_write.c had a heap-based buffer over-read, as demonstrated by bmp2tiff.(bsc#1092480)

CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
(bsc#1108637)

CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627)

CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
(bsc#1110358)

CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
(bsc#1106853)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tiff fixes the following issues :

CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
(bsc#1108637)

CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627)

CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.
(bsc#1110358)

CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.
(bsc#1106853)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tiff fixes the following issues :

  - CVE-2018-17100: There is a int32 overflow in multiply_ms     in tools/ppm2tiff.c, which can cause a denial of service     (crash) or possibly have unspecified other impact via a     crafted image file. (bsc#1108637)

  - CVE-2018-17101: There are two out-of-bounds writes in     cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can     cause a denial of service (application crash) or     possibly have unspecified other impact via a crafted     image file. (bsc#1108627)

  - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c     allowed remote attackers to cause a denial of service     (heap-based buffer overflow and application crash) or     possibly have unspecified other impact via a crafted     TIFF file, a similar issue to CVE-2017-9935.
    (bsc#1110358)

  - CVE-2018-16335: newoffsets handling in     ChopUpSingleUncompressedStrip in tif_dirread.c allowed     remote attackers to cause a denial of service     (heap-based buffer overflow and application crash) or     possibly have unspecified other impact via a crafted     TIFF file, as demonstrated by tiff2pdf. This is a     different vulnerability than CVE-2018-15209.
    (bsc#1106853)

This update was imported from the SUSE:SLE-12:Update update project.

ID	Name	Product	Family	Severity
123354	openSUSE Security Update : tiff (openSUSE-2019-847)	Nessus	SuSE Local Security Checks	high
120140	SUSE SLED15 / SLES15 Security Update : tiff (SUSE-SU-2018:3327-1)	Nessus	SuSE Local Security Checks	high
118391	SUSE SLES11 Security Update : tiff (SUSE-SU-2018:3391-1)	Nessus	SuSE Local Security Checks	high
118384	openSUSE Security Update : tiff (openSUSE-2018-1249)	Nessus	SuSE Local Security Checks	high
118378	openSUSE Security Update : tiff (openSUSE-2018-1242)	Nessus	SuSE Local Security Checks	high
118321	SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2018:3289-1)	Nessus	SuSE Local Security Checks	high

CVE-2018-17795

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high