SUSE-SU-2018:1179-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20181179-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1179-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:1179-1
Related
Published
2018-05-09T12:01:09Z
Modified
2018-05-09T12:01:09Z
Summary
Security update for tiff
Details

This update for tiff fixes the following issues:

  • CVE-2016-9453: The t2preadwritepdfimagetile function allowed remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one (bsc#1011107).
  • CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means (bsc#1007280).
  • CVE-2017-11335: There is a heap based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack (bsc#1048937).
  • CVE-2016-9536: tools/tiff2pdf.c had an out-of-bounds write vulnerabilities in heap allocated buffers in t2pprocessjpegstrip(). Reported as MSVR 35098, aka 't2pprocessjpegstrip heap-buffer-overflow.' (bsc#1011845)
  • CVE-2017-9935: In LibTIFF, there was a heap-based buffer overflow in the t2pwritepdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2pfree, memory corruption in t2preadwritepdfimage, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077).
  • CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318)
  • CVE-2015-7554: The TIFFVGetField function in tifdir.c allowed attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image (bsc#960341).
  • CVE-2016-5318: Stack-based buffer overflow in the _TIFFVGetField function allowed remote attackers to crash the application via a crafted tiff (bsc#983436).
  • CVE-2016-10095: Stack-based buffer overflow in the TIFFVGetField function in tifdir.c allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690,).
  • CVE-2016-10268: tools/tiffcp.c allowed remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23 (bsc#1031255)
  • An overlapping of memcpy parameters was fixed which could lead to content corruption (bsc#1017691).
  • Fixed an invalid memory read which could lead to a crash (bsc#1017692).
  • Fixed a NULL pointer dereference in TIFFReadRawData (tiffinfo.c) that could crash the decoder (bsc#1017688).
References

Affected packages

SUSE:Linux Enterprise Software Development Kit 11 SP4 / tiff

Package

Name
tiff
Purl
purl:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.8.2-141.169.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libtiff-devel-32bit": "3.8.2-141.169.3.1",
            "libtiff-devel": "3.8.2-141.169.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server 11 SP4 / tiff

Package

Name
tiff
Purl
purl:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.8.2-141.169.3.1

Ecosystem specific

{
    "binaries": [
        {
            "tiff": "3.8.2-141.169.3.1",
            "libtiff3-32bit": "3.8.2-141.169.3.1",
            "libtiff3": "3.8.2-141.169.3.1",
            "libtiff3-x86": "3.8.2-141.169.3.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 11 SP4 / tiff

Package

Name
tiff
Purl
purl:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.8.2-141.169.3.1

Ecosystem specific

{
    "binaries": [
        {
            "tiff": "3.8.2-141.169.3.1",
            "libtiff3-32bit": "3.8.2-141.169.3.1",
            "libtiff3": "3.8.2-141.169.3.1",
            "libtiff3-x86": "3.8.2-141.169.3.1"
        }
    ]
}