SB2017092623 - Gentoo update for libTIFF
Published: September 26, 2017 Updated: September 27, 2017
Description
This security bulletin contains information about 16 security vulnerabilities.
1) Division by zero (CVE-ID: CVE-2016-10267)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide-by-zero error within LibTIFF 4.0.7. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.
2) Memory corruption (CVE-ID: CVE-2016-10268)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to an integer underflow and heap-based buffer under-read. A remote attacker can trick the victim into opening a specially crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23, trigger memory corruption and cause the service to crash.
3) Heap-based buffer overflow (CVE-ID: CVE-2017-5225)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in "tools/tiffcp.c" when processing images. A remote attacker can create an image with a specially crafted BitsPerSample value, trigger a heap-based buffer overflow and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Heap-based buffer over-read (CVE-ID: CVE-2017-5563)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in tif_lzw.c due to a heap-based buffer over-read. A remote attacker can trigger memory corruption and cause the service to crash.
5) Input validation error (CVE-ID: CVE-2017-7592)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
6) Buffer overflow (CVE-ID: CVE-2017-7593)
The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
7) Input validation error (CVE-ID: CVE-2017-7594)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
8) Division by zero (CVE-ID: CVE-2017-7595)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide-by-zero error within the JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a crafted image.
9) Input validation error (CVE-ID: CVE-2017-7596)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
10) Input validation error (CVE-ID: CVE-2017-7597)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
11) Division by zero (CVE-ID: CVE-2017-7598)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
12) Input validation error (CVE-ID: CVE-2017-7599)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
13) Input validation error (CVE-ID: CVE-2017-7600)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
14) Input validation error (CVE-ID: CVE-2017-7601)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
15) Integer overflow (CVE-ID: CVE-2017-7602)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
16) Memory leak (CVE-ID: CVE-2017-9403)
The vulnerability allows a remote attacker to cause a DoS condition.
The weakness exists due to a memory leak in the function TIFFReadDirEntryLong8Array in tif_dirread.c. A remote attacker can send a specially crafted TIFF file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install the update from the vendor's website.