Main Vulnerability Database SB2017071804

SB2017071804 - Arch Linux update for lib32-libtiff

Published: July 18, 2017

Security Bulletin ID SB2017071804

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2015-7554)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in _TIFFVGetField() function in tif_dir.c in libtiff 4.0.6. A remote attacker can create a specially crafted TIFF image, trick the victim into opening it and execute arbitrary code on the target system.

2) Stack-based buffer overflow (CVE-ID: CVE-2016-10095)

The vulnerability allows a remote attacker to cause DoS condition.

The weakness exits due to stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c. A remote attacker can send specially crafted TIFF file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

https://security.archlinux.org/advisory/ASA-201707-18