Description
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
tiff | fixed | 4.0.7-7 | | package |
tiff | fixed | 4.0.3-12.3+deb8u4 | jessie | package |
tiff3 | removed | | | package |
Notes
https://www.openwall.com/lists/oss-security/2015/12/26/7
SUSE seem to have a fix (disputed): https://bugzilla.suse.com/show_bug.cgi?id=960341
Reproducer file here: https://bugzilla.suse.com/attachment.cgi?id=665389
http://bugzilla.maptools.org/show_bug.cgi?id=2564
partially fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2564#c2
--
The problem is present in tiff3 3.9.6-11+deb7u1 on wheezy (the problematic code
gets executed under gdb), however for some reason this does not lead to a segfault.