Описание
Security update for tiff
This update for tiff fixes the following issues:
- CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449)
- Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098)
- CVE-2016-5314: Specially crafted TIFF images could trigger a crash that could result in DoS (bsc#984831)
- CVE-2016-5316: Specially crafted TIFF images could trigger a crash in the rgb2ycbcr tool, leading to Doa (bsc#984837)
- CVE-2016-5317: Specially crafted TIFF images could trigger a crash through an out of bound write (bsc#984842)
- CVE-2016-5320: Specially crafted TIFF images could trigger a crash or potentially allow remote code execution when using the rgb2ycbcr command (bsc#984808)
- CVE-2016-5875: Specially crafted TIFF images could trigger could allow arbitrary code execution (bsc#987351)
- CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618)
- CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614)
- CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069)
- CVE-2016-3186: Specially crafted TIFF imaged could trigger a crash in the gif2tiff command via a buffer overflow (bsc#973340)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2016:2527-1
- E-Mail link for SUSE-SU-2016:2527-1
- SUSE Security Ratings
- SUSE Bug 973340
- SUSE Bug 974449
- SUSE Bug 974614
- SUSE Bug 974618
- SUSE Bug 975069
- SUSE Bug 984808
- SUSE Bug 984831
- SUSE Bug 984837
- SUSE Bug 984842
- SUSE Bug 987351
- SUSE CVE CVE-2016-3186 page
- SUSE CVE CVE-2016-3622 page
- SUSE CVE CVE-2016-3623 page
- SUSE CVE CVE-2016-3945 page
- SUSE CVE CVE-2016-3990 page
- SUSE CVE CVE-2016-5314 page
- SUSE CVE CVE-2016-5316 page
Описание
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
Затронутые продукты
Ссылки
- CVE-2016-3186
- SUSE Bug 973340
- SUSE Bug 983268
Описание
The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.
Затронутые продукты
Ссылки
- CVE-2016-3622
- SUSE Bug 974449
Описание
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.
Затронутые продукты
Ссылки
- CVE-2016-3623
- SUSE Bug 974617
- SUSE Bug 974618
Описание
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.
Затронутые продукты
Ссылки
- CVE-2016-3945
- SUSE Bug 974614
Описание
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
Затронутые продукты
Ссылки
- CVE-2016-3990
- SUSE Bug 975069
Описание
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
Затронутые продукты
Ссылки
- CVE-2016-5314
- SUSE Bug 984831
- SUSE Bug 987351
Описание
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
Затронутые продукты
Ссылки
- CVE-2016-5316
- SUSE Bug 984837
Описание
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
Затронутые продукты
Ссылки
- CVE-2016-5317
- SUSE Bug 984842
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2016-5320
- SUSE Bug 1007284
- SUSE Bug 984808
- SUSE Bug 987351
Описание
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Затронутые продукты
Ссылки
- CVE-2016-5875
- SUSE Bug 1007284
- SUSE Bug 984809
- SUSE Bug 984831
- SUSE Bug 987351