Updated libtiff packages fix security vulnerability
Publication date: 01 Jul 2017Type: security
Affected Mageia releases : 5
CVE: CVE-2014-8128 , CVE-2016-3658 , CVE-2016-9535 , CVE-2016-10092 , CVE-2016-10093 , CVE-2016-10094 , CVE-2016-10095 , CVE-2016-10266 , CVE-2016-10267 , CVE-2016-10268 , CVE-2016-10269 , CVE-2016-10270 , CVE-2016-10271 , CVE-2016-10272 , CVE-2017-5225 , CVE-2017-7592 , CVE-2017-7593 , CVE-2017-7594 , CVE-2017-7595 , CVE-2017-7596 , CVE-2017-7597 , CVE-2017-7598 , CVE-2017-7599 , CVE-2017-7600 , CVE-2017-7601 , CVE-2017-7602
Description
Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. (CVE-2016-10092) Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. (CVE-2016-10093) Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. (CVE-2016-10094) Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. (CVE-2016-10095) LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. (CVE-2017-5225) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. (CVE-2016-10266) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. (CVE-2016-10267) tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23. (CVE-2016-10268) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2. (CVE-2016-10269) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22. (CVE-2016-10270) tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13. (CVE-2016-10271) LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9. (CVE-2016-10272) The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7592) tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. (CVE-2017-7593) The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. (CVE-2017-7594) The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (CVE-2017-7595) LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7596) tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7597) tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. (CVE-2017-7598) LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7599) LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7600) LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7601) LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7602) The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. (CVE-2016-3658) tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." (CVE-2016-9535) libtiff: out-of-bounds write in multiple tools. (CVE-2014-8128)
References
- https://bugs.mageia.org/show_bug.cgi?id=20057
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3658
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9535
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10092
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10093
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10266
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10267
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10268
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10269
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10270
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10271
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10272
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7592
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7594
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7595
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7596
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7597
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7598
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7599
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7600
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7601
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7602
SRPMS
5/core
- libtiff-4.0.8-1.mga5