Overview

File _patchinfo of Package patchinfo.7538

<patchinfo incident="7538">
  <issue tracker="bnc" id="1092949">VUL-1: CVE-2018-10963: tiff: The TIFFWriteDirectorySec() function in tif_dirwrite.c allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file</issue>
  <issue tracker="bnc" id="1074317">VUL-0: CVE-2017-18013: tiff: A Null-Pointer Dereference in the tif_print.cTIFFPrintDirectory function, could lead to denial of service</issue>
  <issue id="1007276" tracker="bnc">VUL-0:  CVE-2016-8331: tiff: FAX IFD Entry Parsing Type Confusion</issue>
  <issue id="1082332" tracker="bnc">VUL-1: CVE-2017-11613: tiff: denial of service in TIFFOpen function</issue>
  <issue id="1082825" tracker="bnc">VUL-0: CVE-2018-7456: tiff: A NULL Pointer Dereference occurs in the function TIFFPrintDirectory intif_print.c when using the tiffinfo tool to print crafted TIFFinformation, a different vulnerability than CVE-2017-18013.</issue>
  <issue id="1086408" tracker="bnc">VUL-0: CVE-2018-8905: tiff: A heap-based buffer overflow occurs in the functionLZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated bytiff2ps.</issue>
  <issue id="974621" tracker="bnc">VUL-1: CVE-2016-3632: tiff: Illegal write in thumbnail /  _TIFFVGetField</issue>
  <issue id="2016-3632" tracker="cve" />
  <issue id="2016-8331" tracker="cve" />
  <issue id="2017-11613" tracker="cve" />
  <issue id="2017-13726" tracker="cve" />
  <issue id="2018-7456" tracker="cve" />
  <issue id="2018-8905" tracker="cve" />
  <issue tracker="cve" id="2018-10963"/>
  <issue tracker="cve" id="2017-18013"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>mvetter</packager>
  <description>This update for tiff fixes the following issues:

These security issues were fixed:

- CVE-2017-18013: There was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.  (bsc#1074317)
- CVE-2018-10963: The TIFFWriteDirectorySec() function in tif_dirwrite.c allowed remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.  (bsc#1092949)
- CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825)
- CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332)
- CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408)
- CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have lead to a type confusion vulnerability resulting in remote code execution. This vulnerability could have been be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality (bsc#1007276)
- CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image (bsc#974621)
</description>
  <summary>Security update for tiff</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places