Advisories ยป MGASA-2018-0109

Updated libtiff packages fix security vulnerability

Publication date: 06 Feb 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-17095 , CVE-2017-9935 , CVE-2017-18013


tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to
cause a denial of service (TIFFSetupStrips heap-based buffer overflow and
application crash) or possibly have unspecified other impact via a crafted
TIFF file. (CVE-2017-17095)

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf
function in tools/tiff2pdf.c. This heap overflow could lead to different
damages. For example, a crafted TIFF document can lead to an out-of-bounds
read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory
corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given
these possibilities, it probably could cause arbitrary code execution.

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c
TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.