Univention Bugzilla – Bug 40406
tiff: Multiple issues (4.1)
Last modified: 2017-10-26 13:53:56 CEST
New issues have been identified in the source package tiff:
* Out-of-bounds read (CVE-2015-8665)
* Out-of-bounds read in CIE Lab image format (CVE-2015-8683)
Upstream Debian package version 4.0.2-6+deb7u5 fixes these issues:
* Out-of-bounds read in TIFFRGBAImage interface (CVE-2015-8665)
* Out-of-bounds read in CIE Lab image format (CVE-2015-8683)
* An out-of-bounds write in tif_luv.c (CVE-2015-8781)
* Other out-of-bounds writes (CVE-2015-8782)
* Other out-of-bounds reads (CVE-2015-8783)
* Potential out-of-bounds write in NeXTDecode (CVE-2015-8784)
The following issues have been reported as fixed in version 4.0.6-2; I guess a backport is possible:
* PixarLogDecode() out-of-bounds writes (CVE-2016-5314)
* tif_pixarlog.c: PixarLogCleanup() segmentation fault (CVE-2016-5316)
* rgb2ycbcr: command execution (CVE-2016-5320)
* DumpModeDecode(): DDoS (CVE-2016-5321)
* tiffcrop _TIFFFax3fillruns(): NULL pointer dereference (CVE-2016-5323)
* tiff: heap-based buffer overflow when using the PixarLog compression format (CVE-2016-5875)
* tiff: information leak in libtiff/tif_read.c (CVE-2016-6223)

Of these, CVE-2016-5320 has the highest impact: CVSS v2 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P).
Upstream Debian package version 4.0.2-6+deb7u6 fixes these issues:
* tiffcrop: out-of-bounds write in loadImage() (CVE-2016-3991)
* tif_dir.c: setByteArray() read access violation (CVE-2016-5315)
* GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image (CVE-2016-5317)
* extractContigSamplesBytes: out-of-bounds read (CVE-2016-5322)
Imported 4.0.2-6+deb7u6 and added patch CVE-2016-6223.quilt.
Tests (i386): OK
Advisory: tiff.yaml
OK: errata-announce -V --only tiff.yaml
OK: tiff.yaml
OK: aptitude install '?source-package(^tiff$)'
OK: aptitude install '?source-package(^tiff$)~i' # 4.0.2-6+deb7u6
OK: tiffinfo ~/broken_2.tiff
OK: amd64
OK: zless /usr/share/doc/libtiff5/changelog.Debian.gz
<http://errata.software-univention.de/ucs/4.1/290.html>