Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:3289-1

Опубликовано: 22 окт. 2018
Источник: suse-cvrf

Описание

Security update for tiff

This update for tiff fixes the following issues:

  • CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637)
  • CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627)
  • CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358)
  • CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3
libtiff5-4.0.9-44.24.1
libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3
libtiff5-4.0.9-44.24.1
libtiff5-32bit-4.0.9-44.24.1
tiff-4.0.9-44.24.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libtiff5-4.0.9-44.24.1
libtiff5-32bit-4.0.9-44.24.1
tiff-4.0.9-44.24.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libtiff-devel-4.0.9-44.24.1

Ссылки

Описание

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1
Ссылки

Описание

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1
Ссылки

Описание

newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1
Ссылки

Описание

An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1
Ссылки

Описание

An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1
Ссылки

Описание

The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Desktop 12 SP3:libtiff5-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-32bit-4.0.9-44.24.1
SUSE Linux Enterprise Server 12 SP3:libtiff5-4.0.9-44.24.1
Ссылки
Уязвимость SUSE-SU-2018:3289-1