OpenSUSE Linux update for tiff
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2016-3632 CVE-2016-8331 CVE-2017-11613 CVE-2017-13726 CVE-2017-18013 CVE-2018-10963 CVE-2018-7456 CVE-2018-8905 |
| CWE-ID | CWE-787 CWE-843 CWE-20 CWE-617 CWE-476 CWE-122 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. |
| Vulnerable software Subscribe |
openSUSE Leap Operating systems & Components / Operating system package or component |
| Vendor | SDB |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU3802
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3632
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code.
The weakness exists in the _TIFFVGetField function in tif_dirinfo.c due to out-of-bounds write. A remote attacker can supply a specially crafted TIFF image and cause the service to crash or execute arbitrary code with elevated privileges.
Update the affected packages.
openSUSE Leap: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-06/msg00049.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Remote code execution
EUVDB-ID: #VU1067
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-8331
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to execute arbitrary code execution om the target system.
The weakness exists due to improper handling of compressed, TIFF images. By convincing the victim to open a file with specially crafted TIFF images, attackers can trigger a type confusion condition and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution.
Update the affected packages.
openSUSE Leap: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-06/msg00049.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU11494
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-11613
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the TIFFOpen function due to improper checking of td_imagelength during the TIFFOpen process. A remote attacker can cause the service to crash.
Update the affected packages.
openSUSE Leap: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-06/msg00049.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Assertion failure
EUVDB-ID: #VU13514
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13726
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to a reachable assertion abort in the function TIFFWriteDirectorySec(), related to tif_dirwrite.c and a SubIFD tag when processing malicious input. A remote attacker can send specially crafted input, trigger assertion failure and cause the service to crash.
MitigationUpdate the affected packages.
openSUSE Leap: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-06/msg00049.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU9820
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-18013
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference error in tif_print.c within TIFFPrintDirectory() function. A remote attacker can trigger a NULL pointer dereference error and crash the affected application.
MitigationUpdate the affected packages.
openSUSE Leap: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-06/msg00049.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU13373
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-10963
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause denial of service conditions.
The vulnerability exists due to insufficient validation of user-supplied input processed by the TIFFWriteDirectorySec() function, as defined in the tif_dirwrite.c source code file. A remote attacker can trick the victim into opening a specially crafted file, trigger assertion failure and cause the application to crash.
MitigationUpdate the affected packages.
openSUSE Leap: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-06/msg00049.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) NULL pointer dereference
EUVDB-ID: #VU10792
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7456
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The vulnerability exists in the TIFFPrintDirectory function that is defined in the tif_print.c source code file due to NULL pointer dereference. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it and cause the service to crash.
MitigationUpdate the affected packages.
openSUSE Leap: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-06/msg00049.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Heap-based buffer overflow
EUVDB-ID: #VU11263
Risk: High
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:U]
CVE-ID: CVE-2018-8905
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists in the LZWDecodeCompat function due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted TIFF file, cause the service to crash or execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
openSUSE Leap: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-06/msg00049.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
