SB2018012706 - Debian update for tiff

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018012706

SB2018012706 - Debian update for tiff

Published: January 27, 2018 Updated: November 1, 2018

Security Bulletin ID SB2018012706
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2017-9935)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the t2p_write_pdf function in tools/tiff2pdf.c due to heap-based buffer overflow. A remote attacker can submit a specially crafted TIFF document, trigger out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

2) Out-of-bounds write (CVE-ID: CVE-2017-11335)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the ZIPDecode function in tif_zip.c in tools/tiff2pdf.c due to heap-based buffer overflow. A remote attacker can trick the victim into opening a specially crafted PlanarConfig=Contig image, trigger a more than one hundred bytes out-of-bounds write and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

3) Uncontrolled memory allocation (CVE-ID: CVE-2017-12944)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the TIFFReadDirEntryArray function in tif_read.c due to mishandling memory allocation for short files. A remote attacker can trigger memory corruption and cause the service to crash.

4) Assertion failure (CVE-ID: CVE-2017-13726)

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to a reachable assertion abort in the function TIFFWriteDirectorySec(), related to tif_dirwrite.c and a SubIFD tag when processing malicious input. A remote attacker can send specially crafted input, trigger assertion failure and cause the service to crash.


5) NULL pointer dereference (CVE-ID: CVE-2017-18013)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference error in tif_print.c within TIFFPrintDirectory() function. A remote attacker can trigger a NULL pointer dereference error and crash the affected application.


6) Reachable Assertion (CVE-ID: CVE-2017-13727)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A specially crafted input will lead to a remote denial of service attack.


Remediation

Install update from vendor's website.

References