Описание
Security update for tiff
This update for tiff fixes the following security issues:
These security issues were fixed:
- CVE-2017-18013: Fixed a NULL pointer dereference in the tif_print.cTIFFPrintDirectory function that could have lead to denial of service (bsc#1074317).
- CVE-2018-10963: Fixed an assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c, which allowed remote attackers to cause a denial of service via a crafted file (bsc#1092949).
- CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825).
- CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332).
- CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Desktop Applications 15
Ссылки
- Link for SUSE-SU-2018:1889-1
- E-Mail link for SUSE-SU-2018:1889-1
- SUSE Security Ratings
- SUSE Bug 1074317
- SUSE Bug 1082332
- SUSE Bug 1082825
- SUSE Bug 1086408
- SUSE Bug 1092949
- SUSE CVE CVE-2017-11613 page
- SUSE CVE CVE-2017-18013 page
- SUSE CVE CVE-2018-10963 page
- SUSE CVE CVE-2018-7456 page
- SUSE CVE CVE-2018-8905 page
Описание
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.
Затронутые продукты
Ссылки
- CVE-2017-11613
- SUSE Bug 1082332
- SUSE Bug 1106853
Описание
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
Затронутые продукты
Ссылки
- CVE-2017-18013
- SUSE Bug 1074317
- SUSE Bug 1082825
Описание
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.
Затронутые продукты
Ссылки
- CVE-2018-10963
- SUSE Bug 1092949
Описание
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
Затронутые продукты
Ссылки
- CVE-2018-7456
- SUSE Bug 1074317
- SUSE Bug 1082825
Описание
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
Затронутые продукты
Ссылки
- CVE-2018-8905
- SUSE Bug 1086408