Univention Bugzilla – Bug 42312
tiff3: Multiple issues (4.1)
Last modified: 2016-10-20 12:40:35 CEST
Upstream Debian package version 3.9.6-11+deb7u1 fixes the following issues:

* The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input." (CVE-2010-2596)
* Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file (CVE-2013-1961)
* out-of-bound write (CVE-2014-8128)
* out-of-bound read and write (CVE-2014-8129)
* The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image (CVE-2014-9655)
* uninitialized memory in NeXTDecode (CVE-2015-1547)
* Out-of-bounds read in CIE Lab image format (CVE-2015-8683)
* Out-of-bounds read in TIFFRGBAImage interface (CVE-2015-8665)
* Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. (CVE-2016-3186)
* Divide By Zero in the rgb2ycbcr tool (CVE-2016-3623)
* Out-of-bounds Write in the tiff2rgba tool (CVE-2016-3945)
* tiffcp: out-of-bounds write in horizontalDifference8() (CVE-2016-3990)
* tiffcrop: out-of-bounds write in loadImage() (CVE-2016-3991)
* PixarLogDecode() out-of-bound writes (CVE-2016-5314)
* tif_dir.c: setByteArray() Read access violation (CVE-2016-5315)
* tif_pixarlog.c: PixarLogCleanup() Segmentation fault (CVE-2016-5316)
* GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image (CVE-2016-5317)
* rgb2ycbcr: command execution (CVE-2016-5320)
* DumpModeDecode(): Ddos (CVE-2016-5321)
* extractContigSamplesBytes: out-of-bounds read (CVE-2016-5322)
* tiffcrop _TIFFFax3fillruns(): NULL pointer dereference (CVE-2016-5323)
* tiff: heap-based buffer overflow when using the PixarLog compression format (CVE-2016-5875)
* tiff: information leak in libtiff/tif_read.c (CVE-2016-6223)

Note: The source package tiff3 generates the binary package libtiff4
Tests (amd64): OK
Advisory: tiff3.yaml
OK: errata-announce -V --only tiff3.yaml
FIXED: tiff3.yaml → r73270
OK: aptitude install '?source-package(tiff3)~i'
OK: aptitude install '?source-package(tiff3)'
OK: zless zless /usr/share/doc/libtiff4/changelog.Debian.gz # 3.9.6-11+deb7u1
OK: CVE-2010-2596
OK: CVE-2013-1961
OK: CVE-2014-8128
OK: CVE-2014-8129
OK: CVE-2014-9655
OK: CVE-2015-1547
OK: CVE-2015-8665
OK: CVE-2015-8683
OK: CVE-2016-3186
OK: CVE-2016-3623
OK: CVE-2016-3945
OK: CVE-2016-3990
OK: CVE-2016-3991
OK: CVE-2016-5314
OK: CVE-2016-5315
OK: CVE-2016-5316
OK: CVE-2016-5317
OK: CVE-2016-5320
OK: CVE-2016-5321
OK: CVE-2016-5322
OK: CVE-2016-5323
OK: CVE-2016-5875
OK: CVE-2016-6223
<http://errata.software-univention.de/ucs/4.1/305.html>