Описание
Security update for tiff
The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues.
- CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools [bnc#914890]
- CVE-2016-9297: tif_dirread.c read outside buffer in _TIFFPrintField() [bnc#1010161]
- CVE-2016-3658: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c [bnc#974840]
- CVE-2016-9273: heap overflow [bnc#1010163]
- CVE-2016-3622: divide By Zero in the tiff2rgba tool [bnc#974449]
- CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow [bnc#1007280]
- CVE-2016-9453: out-of-bounds Write memcpy and less bound check in tiff2pdf [bnc#1011107]
- CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat [bnc#987351]
- CVE-2016-9448: regression introduced by fixing CVE-2016-9297 [bnc#1011103]
- CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode() function [bnc#984813]
- CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function (null ptr dereference?) [bnc#984815]
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
Ссылки
- Link for SUSE-SU-2016:3301-1
- E-Mail link for SUSE-SU-2016:3301-1
- SUSE Security Ratings
- SUSE Bug 1007280
- SUSE Bug 1010161
- SUSE Bug 1010163
- SUSE Bug 1011103
- SUSE Bug 1011107
- SUSE Bug 914890
- SUSE Bug 974449
- SUSE Bug 974840
- SUSE Bug 984813
- SUSE Bug 984815
- SUSE Bug 987351
- SUSE CVE CVE-2014-8127 page
- SUSE CVE CVE-2016-3622 page
- SUSE CVE CVE-2016-3658 page
- SUSE CVE CVE-2016-5321 page
- SUSE CVE CVE-2016-5323 page
- SUSE CVE CVE-2016-5652 page
Описание
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
Затронутые продукты
Ссылки
- CVE-2014-8127
- SUSE Bug 1206220
- SUSE Bug 914890
- SUSE Bug 916925
- SUSE Bug 942690
- SUSE Bug 969783
Описание
The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image.
Затронутые продукты
Ссылки
- CVE-2016-3622
- SUSE Bug 974449
Описание
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable.
Затронутые продукты
Ссылки
- CVE-2016-3658
- SUSE Bug 974840
Описание
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
Затронутые продукты
Ссылки
- CVE-2016-5321
- SUSE Bug 984813
Описание
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.
Затронутые продукты
Ссылки
- CVE-2016-5323
- SUSE Bug 984815
Описание
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means.
Затронутые продукты
Ссылки
- CVE-2016-5652
- SUSE Bug 1007280
Описание
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Затронутые продукты
Ссылки
- CVE-2016-5875
- SUSE Bug 1007284
- SUSE Bug 984809
- SUSE Bug 984831
- SUSE Bug 987351
Описание
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.
Затронутые продукты
Ссылки
- CVE-2016-9273
- SUSE Bug 1010163
- SUSE Bug 1017693
- SUSE Bug 1150480
Описание
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.
Затронутые продукты
Ссылки
- CVE-2016-9297
- SUSE Bug 1010161
- SUSE Bug 1011103
Описание
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297.
Затронутые продукты
Ссылки
- CVE-2016-9448
- SUSE Bug 1010161
- SUSE Bug 1011103
Описание
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
Затронутые продукты
Ссылки
- CVE-2016-9453
- SUSE Bug 1007280
- SUSE Bug 1011107