Description
Security update for tiff
LibTiff was updated to the 4.0.4 stable release fixing various security issues and bugs.
These security issues were fixed:
- CVE-2014-8127: Out-of-bounds write (bnc#914890).
- CVE-2014-8128: Out-of-bounds write (bnc#914890).
- CVE-2014-8129: Out-of-bounds write (bnc#914890).
- CVE-2014-8130: Out-of-bounds write (bnc#914890).
- CVE-2014-9655: Access of uninitialized memory (bnc#916927).
Package list
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
References
- Link for SUSE-SU-2015:1475-1
- E-Mail link for SUSE-SU-2015:1475-1
- SUSE Security Ratings
- SUSE Bug 914890
- SUSE Bug 916927
- SUSE CVE CVE-2014-8127 page
- SUSE CVE CVE-2014-8128 page
- SUSE CVE CVE-2014-8129 page
- SUSE CVE CVE-2014-8130 page
- SUSE CVE CVE-2014-9655 page
Description
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
Affected products
References
- CVE-2014-8127
- SUSE Bug 1206220
- SUSE Bug 914890
- SUSE Bug 916925
- SUSE Bug 942690
- SUSE Bug 969783
Description
LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image.
Affected products
References
- CVE-2014-8128
- SUSE Bug 1007276
- SUSE Bug 1017690
- SUSE Bug 1040322
- SUSE Bug 1206220
- SUSE Bug 914890
- SUSE Bug 916925
- SUSE Bug 942690
- SUSE Bug 960341
- SUSE Bug 969783
- SUSE Bug 974621
- SUSE Bug 983436
Description
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
Affected products
References
- CVE-2014-8129
- SUSE Bug 1206220
- SUSE Bug 914890
- SUSE Bug 916925
- SUSE Bug 942690
- SUSE Bug 969783
Description
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
Affected products
References
- CVE-2014-8130
- SUSE Bug 1206220
- SUSE Bug 914890
- SUSE Bug 916925
- SUSE Bug 942690
- SUSE Bug 969783
Description
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
Affected products
References
- CVE-2014-9655
- SUSE Bug 1206220
- SUSE Bug 914890
- SUSE Bug 916925
- SUSE Bug 916927
- SUSE Bug 969783