|
|
Log in / Subscribe / Register

Mageia alert MGASA-2016-0349 (libtiff)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0349: The updated packages fix libtiff security vulnerabilities 


Date:
    	      Fri, 21 Oct 2016 00:35:46 +0200


Message-ID:
    	      <20161020223546.A4CAF9F7A0@duvel.mageia.org>


MGASA-2016-0349 - The updated packages fix libtiff security vulnerabilities

Publication date: 20 Oct 2016
URL: http://advisories.mageia.org/MGASA-2016-0349.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2015-7554,
     CVE-2015-8668,
     CVE-2016-3186,
     CVE-2016-3622,
     CVE-2016-3623,
     CVE-2016-3632,
     CVE-2016-3945,
     CVE-2016-3990,
     CVE-2016-3991,
     CVE-2016-5314,
     CVE-2016-5315,
     CVE-2016-5316,
     CVE-2016-5317,
     CVE-2016-5320,
     CVE-2016-5321,
     CVE-2016-5322,
     CVE-2016-5323,
     CVE-2016-5875,
     CVE-2016-6223

Description:
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows 
attackers to cause a denial of service (invalid memory write and 
crash) or possibly have unspecified other impact via crafted field
data in an extension tag in a TIFF image. (CVE-2015-7554)

Heap-based buffer overflow in the PackBitsPreEncode function in 
tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote
attackers to execute arbitrary code or cause a denial of service via a
large width field in a BMP image. (CVE-2015-8668)

Buffer overflow in the readextension function in gif2tiff.c in LibTIFF
4.0.6 allows remote attackers to cause a denial of service (application
crash) via a crafted GIF file. (CVE-2016-3186) (the program gif2tiff has
been obsoleted)

The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6
and earlier allows remote attackers to cause a denial of service 
(divide-by-zero error) via a crafted TIFF image. (CVE-2016-3622)

The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers 
to cause a denial of service (divide-by-zero) by setting the (1) v or (2)
h parameter to 0. (CVE-2016-3623)

The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier 
allows remote attackers to cause a denial of service (out-of-bounds write)
or execute arbitrary code via a crafted TIFF image. (CVE-2016-3632)

Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile 
functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode
is enabled,allow remote attackers to cause a denial of service (crash) or 
execute arbitrary code via a crafted TIFF image, which triggers an 
out-of-bounds write. (CVE-2016-3945)

Heap-based buffer overflow in the horizontalDifference8 function in 
tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers 
to cause a denial of service (crash) or execute arbitrary code via 
a crafted TIFF image to tiffcp. (CVE-2016-3990)

Heap-based buffer overflow in the loadImage function in the tiffcrop tool 
in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of 
service (out-of-bounds write) or execute arbitrary code via a crafted TIFF
image with zero tiles. (CVE-2016-3991)

PixarLogDecode() out-of-bound writes (CVE-2016-5314)

tif_dir.c: setByteArray() Read access violation (CVE-2016-5315)

tif_pixarlog.c: PixarLogCleanup() Segmentation fault (CVE-2016-5316)

crash occurs when generating a thumbnail for a crafted TIFF image 
(CVE-2016-5317)

rgb2ycbcr: command excution (CVE-2016-5320)

DumpModeDecode(): Ddos (CVE-2016-5321)

tiffcrop: extractContigSamplesBytes: out-of-bounds read (CVE-2016-5322)

tiffcrop _TIFFFax3fillruns(): divide by zero (CVE-2016-5323)

tiff: heap-based buffer overflow when using the PixarLog compression format (CVE-2016-5875)

tiff: information leak in libtiff/tif_read.c (CVE-2016-6223)

References:
- https://bugs.mageia.org/show_bug.cgi?id=17480
- http://openwall.com/lists/oss-security/2015/12/26/7
- https://lists.opensuse.org/opensuse-updates/2016-04/msg00...
- http://openwall.com/lists/oss-security/2016/07/14/4
- http://lwn.net/Vulnerabilities/695692/
- https://lists.opensuse.org/opensuse-updates/2016-07/msg00...
- https://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://lwn.net/Vulnerabilities/696207/
- http://lwn.net/Vulnerabilities/698795/
- http://lwn.net/Vulnerabilities/699684/
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7554
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8668
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3186
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3622
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3623
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3632
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3945
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3990
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3991
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5314
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5315
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5316
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5317
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5320
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5321
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5322
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5323
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5875
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6223

SRPMS:
- 5/core/libtiff-4.0.6-1.4.mga5
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds