SB2018011917 - Multiple vulnerabilities in LibTIFF
Published: January 19, 2018 Updated: April 3, 2018
Description
This security bulletin contains information about 12 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2016-3186)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in gif2tiff.c due to a buffer overflow. A remote attacker can submit a specially crafted GIF file and cause the service to crash.
2) Buffer overflow (CVE-ID: CVE-2016-5102)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in gif2tiff.c in the gif2tiff tool due to a buffer overflow. A remote attacker can submit a specially crafted GIF file and cause the service to crash.
3) Stack-based buffer overflow (CVE-ID: CVE-2016-5318)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the _TIFFVGetField function due to a stack-based buffer overflow. A remote attacker can submit a specially crafted TIFF file and cause the service to crash.
4) Improper input validation (CVE-ID: CVE-2017-11613)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the TIFFOpen function due to improper checking of td_imagelength during the TIFFOpen process. A remote attacker can cause the service to crash.
5) Uncontrolled memory allocation (CVE-ID: CVE-2017-12944)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the TIFFReadDirEntryArray function in tif_read.c due to mishandling of memory allocation for short files. A remote attacker can trigger memory corruption and cause the service to crash.
6) Heap-based buffer overflow (CVE-ID: CVE-2017-17095)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in tools/pal2rgb.c in pal2rgb due to a heap-based buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash.
7) NULL pointer dereference (CVE-ID: CVE-2017-18013)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference error in tif_print.c within TIFFPrintDirectory() function. A remote attacker can trigger a NULL pointer dereference error and crash the affected application.
8) Heap-based buffer over-read (CVE-ID: CVE-2017-5563)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in tif_lzw.c due to a heap-based buffer over-read. A remote attacker can trigger memory corruption and cause the service to crash.
9) Heap-based buffer over-read (CVE-ID: CVE-2017-9117)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in bmp2tiff due to a heap-based buffer over-read when the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input. A remote attacker can trigger memory corruption and cause the service to crash.
10) Improper input validation (CVE-ID: CVE-2017-9147)
The vulnerability allows a remote attacker to cause a DoS condition. The weakness exists due to an invalid read in the _TIFFVGetField function in tif_dir.c. A remote attacker can send a specially crafted TIFF file and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
11) Memory corruption (CVE-ID: CVE-2017-9935)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists in the t2p_write_pdf function in tools/tiff2pdf.c due to a heap-based buffer overflow. A remote attacker can submit a specially crafted TIFF document, trigger an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may result in system compromise.
12) Resource exhaustion (CVE-ID: CVE-2018-5784)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the TIFFSetDirectory function of tif_dir.c because the declared number of directory entries is not validated against the actual number of directory entries. A remote attacker can submit a specially crafted tif file, trigger resource exhaustion and cause the service to crash.
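The missing check described in item 9 (CVE-2017-9117), as an added example that is not LibTIFF's code or its fix: before reading any pixel row, a converter compares the size implied by biWidth and biHeight with the bytes actually present. The names bmp_check_dims and enum bmp_check are hypothetical; the offsets assume the standard 14-byte file header followed by a 40-byte BITMAPINFOHEADER.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum bmp_check { BMP_OK, BMP_TRUNCATED, BMP_BAD_HEADER, BMP_UNSUPPORTED };

static uint32_t rd32(const uint8_t *p)          /* little-endian 32-bit read */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Verify that the uncompressed rows implied by biWidth x biHeight are
 * really present in the len bytes at buf, before any row is read. */
enum bmp_check bmp_check_dims(const uint8_t *buf, size_t len)
{
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M')
        return BMP_BAD_HEADER;      /* 14-byte file + 40-byte info header */

    uint32_t off_bits = rd32(buf + 10);             /* bfOffBits */
    int64_t width = (int32_t)rd32(buf + 18);        /* biWidth */
    int64_t height = (int32_t)rd32(buf + 22);       /* biHeight, <0 = top-down */
    unsigned bpp = buf[28] | (unsigned)buf[29] << 8;    /* biBitCount */

    if (rd32(buf + 14) < 40 || width <= 0 || height == 0)
        return BMP_BAD_HEADER;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
        return BMP_BAD_HEADER;
    if (rd32(buf + 30) != 0)        /* biCompression: only BI_RGB handled */
        return BMP_UNSUPPORTED;     /* RLE size is not a function of w x h */
    if (off_bits < 54 || off_bits > len)
        return BMP_TRUNCATED;

    uint64_t rows = (uint64_t)(height < 0 ? -height : height);
    uint64_t row_bytes = (((uint64_t)width * bpp + 31) / 32) * 4; /* 4-byte pad */
    uint64_t avail = (uint64_t)len - off_bits;

    /* Divide rather than multiply so the comparison cannot overflow. */
    return row_bytes > avail / rows ? BMP_TRUNCATED : BMP_OK;
}

int main(void)
{
    /* Constructed sample: 2x2, 24 bpp header, but only 8 of 16 pixel bytes. */
    uint8_t f[54 + 8] = { 'B', 'M' };
    f[10] = 54; f[14] = 40; f[18] = 2; f[22] = 2; f[26] = 1; f[28] = 24;
    printf("check = %d\n", bmp_check_dims(f, sizeof f));
    return 0;
}
```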
Remediation
Install update from vendor's website.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1319503
- https://bugzilla.redhat.com/show_bug.cgi?id=1343407
- https://github.com/genuinetools/reg/blob/master/README.md
- https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
- https://github.com/NixOS/nixpkgs/issues/30959
- http://bugzilla.maptools.org/show_bug.cgi?id=2750
- http://bugzilla.maptools.org/show_bug.cgi?id=2770
- https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
- http://bugzilla.maptools.org/show_bug.cgi?id=2664
- http://bugzilla.maptools.org/show_bug.cgi?id=2690
- http://bugzilla.maptools.org/show_bug.cgi?id=2693
- http://bugzilla.maptools.org/show_bug.cgi?id=2704
- http://bugzilla.maptools.org/show_bug.cgi?id=2772