SB2017020115 - Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 update for libtiff

Main Vulnerability Database SB2017020115

SB2017020115 - Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 update for libtiff

Published: February 1, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017020115

Severity

High

Patch available

YES

Number of vulnerabilities 8

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2015-8870)

The vulnerability allows a remote attacker to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory.

The vulnerability exists in tools/bmp2tiff.c in LibTIFF. A remote attacker can pass specially crafted width and length values in RLE4 or RLE8 data in a BMP file to the application, trigger integer overflow and cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory

2) Remote code execution (CVE-ID: CVE-2016-5652)

The vulnerability allows a remote unauthenticated user to execute arbitrary code execution om the target system.
The weakness exists due to improper handling of compressed, TIFF images. By convincing the victim to open a file with specially crafted TIFF images, attackers can trigger a heap-buffer overflow and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution.

3) Buffer overflow (CVE-ID: CVE-2016-9533)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."

4) Buffer overflow (CVE-ID: CVE-2016-9534)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."

5) Buffer overflow (CVE-ID: CVE-2016-9535)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."

6) Out-of-bounds write (CVE-ID: CVE-2016-9536)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in heap allocated buffers in t2p_process_jpeg_strip() in tools/tiff2pdf.c due to out-of-bounds write, aka "t2p_process_jpeg_strip heap-buffer-overflow." A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

7) Buffer overflow (CVE-ID: CVE-2016-9537)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.

8) Buffer overflow (CVE-ID: CVE-2016-9540)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2017:0225