Description
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| tiff | fixed | 4.0.7-1 | | package |
| tiff3 | removed | | | package |
| tiff3 | not-affected | | wheezy | package |
Notes
http://bugzilla.maptools.org/show_bug.cgi?id=2590
https://www.openwall.com/lists/oss-security/2016/11/12/2
Patch https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
Reproducible with valgrind in wheezy with 4.0.2-6+deb7u7
Reproducible with valgrind in jessie with 4.0.3-12.3+deb8u1
When fixing this CVE make sure to make the fix complete and not
introduce CVE-2016-9448 / http://bugzilla.maptools.org/show_bug.cgi?id=2593
Fix in 4.0.7 is complete.
Patch CVE-2016-9448: https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
Related vulnerabilities
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.
A vulnerability in the LibTIFF library that allows an attacker to cause a denial of service