Fedora 28 update for libtiff
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2018-17100 CVE-2018-17101 CVE-2018-10779 CVE-2018-10801 |
| CWE-ID | CWE-119 CWE-125 CWE-401 CWE-400 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system libtiff Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU15531
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-17100
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to int32 overflow when insufficient validation of user-supplied input processed by the multiply_ms() function, as defined in the tools/ppm2tiff.c source code file. A remote unauthenticated attacker can trick the victim into opening or executing an image file that submits malicious input to the targeted system. A successful exploit could trigger memory corruption and cause the affected software to crash, resulting in a DoS condition.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 28
libtiff: before 4.0.9-13.fc28
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-48f74c8eb2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU15532
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-17101
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to out-of-bounds read during insufficient validation of user-supplied input processed by the cpTags function, as defined in the tools/tiff2bw.c and tools/pal2rgb.c source code files. A remote unauthenticated attacker can trick the victim into opening or executing an image file that submits malicious input to the targeted system. A successful exploit could trigger memory corruption and cause the affected software to crash, resulting in a DoS condition.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 28
libtiff: before 4.0.9-13.fc28
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-48f74c8eb2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer over-read
EUVDB-ID: #VU12422
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-10779
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the TIFFWriteScanline function in the tif_write.csource code file due to insufficient validation of user-supplied input. A local attacker can use the .bmp2tiff command to execute a specially crafted file, trigger heap-based buffer over-read and cause the service to crash.
Mitigation
Install updates from vendor's repository.
Vulnerable software versionsFedora: 28
libtiff: before 4.0.9-13.fc28
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-48f74c8eb2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Resource exhaustion
EUVDB-ID: #VU13364
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-10801
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to insufficient validation of user-supplied input processed by the TIFFClientOpen function, as defined in the tif_unix.c source code file. A remote attacker can use the .bmp2tiff command to execute a file that submits malicious input to the system, trigger memory leaks and cause the affected software to crash, resulting in a DoS condition.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 28
libtiff: before 4.0.9-13.fc28
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2018-48f74c8eb2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
