MGASA-2016-0349
- Source
- https://advisories.mageia.org/MGASA-2016-0349.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0349.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2016-0349
- Related
- Published
- 2016-10-20T22:35:16Z
- Modified
- 2016-10-20T22:26:51Z
- Summary
- The updated packages fix libtiff security vulnerabilities
- Details
-
The TIFFVGetField function in tifdir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. (CVE-2015-7554)
Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. (CVE-2015-8668)
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. (CVE-2016-3186) (the program gif2tiff has been obsoleted)
The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. (CVE-2016-3622)
The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. (CVE-2016-3623)
The TIFFVGetField function in tifdirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. (CVE-2016-3632)
Multiple integer overflows in the (1) cvtbystrip and (2) cvtbytile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled,allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. (CVE-2016-3945)
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. (CVE-2016-3990)
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. (CVE-2016-3991)
PixarLogDecode() out-of-bound writes (CVE-2016-5314)
tif_dir.c: setByteArray() Read access violation (CVE-2016-5315)
tif_pixarlog.c: PixarLogCleanup() Segmentation fault (CVE-2016-5316)
crash occurs when generating a thumbnail for a crafted TIFF image (CVE-2016-5317)
rgb2ycbcr: command excution (CVE-2016-5320)
DumpModeDecode(): Ddos (CVE-2016-5321)
tiffcrop: extractContigSamplesBytes: out-of-bounds read (CVE-2016-5322)
tiffcrop _TIFFFax3fillruns(): divide by zero (CVE-2016-5323)
tiff: heap-based buffer overflow when using the PixarLog compression format (CVE-2016-5875)
tiff: information leak in libtiff/tif_read.c (CVE-2016-6223)
- References
-
- https://advisories.mageia.org/MGASA-2016-0349.html
- https://bugs.mageia.org/show_bug.cgi?id=17480
- http://openwall.com/lists/oss-security/2015/12/26/7
- https://lists.opensuse.org/opensuse-updates/2016-04/msg00064.html
- http://openwall.com/lists/oss-security/2016/07/14/4
- http://lwn.net/Vulnerabilities/695692/
- https://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html
- https://rhn.redhat.com/errata/RHSA-2016-1546.html
- http://lwn.net/Vulnerabilities/696207/
- http://lwn.net/Vulnerabilities/698795/
- http://lwn.net/Vulnerabilities/699684/
- Credits
-
-
- Mageia - COORDINATOR
-