Debian 10263 Published by

Updated tiff packages has been released for Debian GNU/Linux 8 LTS to address several issues



Package : tiff
Version : 4.0.3-12.3+deb8u6
CVE ID : CVE-2017-11613 CVE-2018-5784 CVE-2018-7456
CVE-2018-8905 CVE-2018-10963
Debian Bug : 869823 898348 890441 891288 893806

Several issues were discovered in TIFF, the Tag Image File Format
library, that allowed remote attackers to cause a denial-of-service or
other unspecified impact via a crafted image file.

CVE-2017-11613: DoS vulnerability
A crafted input will lead to a denial of service attack. During the
TIFFOpen process, td_imagelength is not checked. The value of
td_imagelength can be directly controlled by an input file. In the
ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc
function is called based on td_imagelength. If the value of
td_imagelength is set close to the amount of system memory, it will
hang the system or trigger the OOM killer.

CVE-2018-10963: DoS vulnerability
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF
allows remote attackers to cause a denial of service (assertion
failure and application crash) via a crafted file, a different
vulnerability than CVE-2017-13726.

CVE-2018-5784: DoS vulnerability
In LibTIFF, there is an uncontrolled resource consumption in the
TIFFSetDirectory function of tif_dir.c. Remote attackers could
leverage this vulnerability to cause a denial of service via a
crafted tif file.
This occurs because the declared number of directory entries is not
validated against the actual number of directory entries.

CVE-2018-7456: NULL Pointer Dereference
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory
in tif_print.c in LibTIFF when using the tiffinfo tool to print
crafted TIFF information, a different vulnerability than
CVE-2017-18013. (This affects an earlier part of the
TIFFPrintDirectory function that was not addressed by the
CVE-2017-18013 patch.)

CVE-2018-8905: Heap-based buffer overflow
In LibTIFF, a heap-based buffer overflow occurs in the function
LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as
demonstrated by tiff2ps.

For Debian 8 "Jessie", these problems have been fixed in version
4.0.3-12.3+deb8u6.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
  Tiff Security Update for Debian 8 LTS