SynopsisThe remote Debian host is missing a security update.
DescriptionSeveral issues were discovered in TIFF, the Tag Image File Format library, that allowed remote attackers to cause a denial of service or other unspecified impact via a crafted image file.
CVE-2017-11613: DoS vulnerability A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the
_TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer.
CVE-2018-10963: DoS vulnerability The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
CVE-2018-5784: DoS vulnerability In LibTIFF, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c.
Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
CVE-2018-7456: NULL pointer Dereference A NULL pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
CVE-2018-8905: Heap-based buffer overflow In LibTIFF, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
For Debian 8 'Jessie', these problems have been fixed in version 4.0.3-12.3+deb8u6.
We recommend that you upgrade your tiff packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected packages.