Univention Bugzilla – Full Text Bug Listing |
Summary: | tiff: Multiple issues (4.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Janek Walkenhorst <walkenhorst> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | CC: | gohmann |
Version: | UCS 4.1 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 4.1-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: |
Description
Arvid Requate
2016-01-11 10:40:11 CET
Upstream Debian package version 4.0.2-6+deb7u5 fixes these issues:

* Out-of-bounds read in TIFFRGBAImage interface (CVE-2015-8665)
* Out-of-bounds read in CIE Lab image format (CVE-2015-8683)
* an out of bounds write in tif_luv.c (CVE-2015-8781)
* other out-of-bounds writes (CVE-2015-8782)
* other out-of-bounds reads (CVE-2015-8783)
* potential out-of-bound write in NeXTDecode (CVE-2015-8784)

The following issues have been reported as fixed in Version 4.0.6-2, I guess a backport is possible:

* PixarLogDecode() out-of-bound writes (CVE-2016-5314)
* tif_pixarlog.c: PixarLogCleanup() Segmentation fault (CVE-2016-5316)
* rgb2ycbcr: command execution (CVE-2016-5320)
* DumpModeDecode(): Ddos (CVE-2016-5321)
* tiffcrop _TIFFFax3fillruns(): NULL pointer dereference (CVE-2016-5323)
* tiff: heap-based buffer overflow when using the PixarLog compression format (CVE-2016-5875)
* tiff: information leak in libtiff/tif_read.c (CVE-2016-6223)

Of these CVE-2016-5320 has the highest impact
CVSS v2 Base score 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Upstream Debian package version 4.0.2-6+deb7u6 fixes these issues:

* tiffcrop: out-of-bounds write in loadImage() (CVE-2016-3991)
* tif_dir.c: setByteArray() Read access violation (CVE-2016-5315)
* GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image (CVE-2016-5317)
* extractContigSamplesBytes: out-of-bounds read (CVE-2016-5322)

Imported 4.0.2-6+deb7u6 and added patch CVE-2016-6223.quilt.
Tests (i386): OK
Advisory: tiff.yaml

OK: errata-announce -V --only tiff.yaml
OK: tiff.yaml
OK: aptitude install '?source-package(^tiff$)'
OK: aptitude install '?source-package(^tiff$)~i' # 4.0.2-6+deb7u6
OK: tiffinfo ~/broken_2.tiff
OK: amd64
OK: zless /usr/share/doc/libtiff5/changelog.Debian.gz