Univention Bugzilla – Bug 37434
tiff: Multiple issues (4.0)
Last modified: 2016-01-05 18:50:35 CET
Buffer overflow in bmp2tiff (CVE-2014-9330)
Multiple out of bound reads in processing TIFF files (CVE-2014-8127)
Multiple out of bound writes in processing TIFF files (CVE-2014-8128)
Multiple out of bound reads/writes in processing TIFF files (CVE-2014-8129)
Multiple NULL pointer dereferences in processing TIFF files (CVE-2014-8130)
Denial of service by accessing uninitialised memory (CVE-2015-1547, CVE-2014-9655)
Upstream Debian package version 4.0.2-6+deb7u4 fixes five of the issues above:
* CVE-2014-8127
* CVE-2014-8128
* CVE-2014-8129
* CVE-2014-9330
* CVE-2014-9655
The other two are not likely to be fixed soon:
* CVE-2014-8130: unimportant.
* CVE-2015-1547: Status is unclear (not really reproducible?).
tiff 4.0.2-6+deb7u4 imported from wheezy and built in errata4.0-3. YAML: 2015-09-11-tiff.yaml
OK: DEBIAN_FRONTEND=noninteractive apt-get install -y libtiff5 libtiff-tools
OK: /usr/share/doc/libtiff5/changelog.Debian.gz
OK: r63650 / 2015-09-11-tiff.yaml / CVE…
OK: Test:
* gif2tiff /usr/share/doc/tk8.4/examples/images/earth.gif earth.tiff
* tiff2pdf earth.tiff earth.pdf
* file earth.*
<http://errata.software-univention.de/ucs/4.0/325.html>
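The QA comment above checks the packaged changelog by hand for the five CVE ids that 4.0.2-6+deb7u4 is supposed to fix. The following script is an added example, not part of the bug report or of the Debian package: it reads a Debian changelog (plain or gzipped), pulls the topmost package version and every CVE id, and reports which of the expected ids are missing and whether any of the two unfixed ids are claimed. The `SAMPLE_CHANGELOG` text is constructed to show the expected shape and is not the real changelog; the path default is the one named in the QA comment.

```python
import gzip
import re
from pathlib import Path

# CVE ids the bug report says are fixed by tiff 4.0.2-6+deb7u4.
FIXED_IN_DEB7U4 = {
    "CVE-2014-8127", "CVE-2014-8128", "CVE-2014-8129",
    "CVE-2014-9330", "CVE-2014-9655",
}
# CVE ids the bug report says that upload does NOT fix.
STILL_OPEN = {"CVE-2014-8130", "CVE-2015-1547"}

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# First changelog stanza header: "<source> (<version>) <dist>; urgency=<x>"
HEADER_RE = re.compile(r"^(\S+) \(([^)]+)\) ", re.MULTILINE)


def changelog_version(text):
    """Return the version of the newest stanza, or None if no header is found."""
    m = HEADER_RE.search(text)
    return m.group(2) if m else None


def cves_in_changelog(text):
    """Set of every CVE id mentioned anywhere in the changelog."""
    return set(CVE_RE.findall(text))


def check_coverage(text, expected=FIXED_IN_DEB7U4, unexpected=STILL_OPEN):
    """Compare the ids in the changelog with what the bug report claims.

    'missing'    - expected fixes the changelog never mentions
    'unexpected' - ids the bug says are unfixed but the changelog names anyway
    """
    found = cves_in_changelog(text)
    return {
        "version": changelog_version(text),
        "found": sorted(found),
        "missing": sorted(expected - found),
        "unexpected": sorted(found & unexpected),
    }


def check_installed_changelog(path="/usr/share/doc/libtiff5/changelog.Debian.gz"):
    """Run check_coverage against the changelog shipped in the installed package."""
    p = Path(path)
    opener = gzip.open if p.suffix == ".gz" else open
    with opener(p, "rt", encoding="utf-8", errors="replace") as fh:
        return check_coverage(fh.read())


# Constructed sample in Debian changelog layout (not the real tiff changelog).
SAMPLE_CHANGELOG = """\
tiff (4.0.2-6+deb7u4) wheezy-security; urgency=high

  * Fix CVE-2014-8127, CVE-2014-8128, CVE-2014-8129: out-of-bounds
    reads and writes while processing TIFF files.
  * Fix CVE-2014-9330: buffer overflow in bmp2tiff.
  * Fix CVE-2014-9655: access to uninitialised memory.

 -- Example Maintainer <maintainer@example.invalid>  Fri, 11 Sep 2015 10:00:00 +0200

tiff (4.0.2-6+deb7u3) wheezy-security; urgency=high

  * Earlier, unrelated security fix.

 -- Example Maintainer <maintainer@example.invalid>  Mon, 01 Jun 2015 10:00:00 +0200
"""

if __name__ == "__main__":
    print(check_coverage(SAMPLE_CHANGELOG))
```

On a real host, `check_installed_changelog()` with no arguments reads the installed package's changelog; an empty `missing` list together with the expected version is the machine-checkable equivalent of the second "OK" line in the QA comment, while a non-empty `unexpected` list flags a changelog that claims a fix the bug report says is still open.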
* Out-of-bounds Read (CVE-2015-8665)
* Out-of-bounds read in CIE Lab image format (CVE-2015-8683)