OpenSUSE Linux update for tiff



Published: 2018-12-23
Risk High
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2016-10092
CVE-2016-10093
CVE-2016-10094
CVE-2016-6223
CVE-2017-12944
CVE-2018-19210
CWE-ID CWE-122
CWE-190
CWE-193
CWE-125
CWE-789
CWE-476
Exploitation vector Network
Public exploit Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #6 is available.
Vulnerable software
Subscribe 		Opensuse
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU13548

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10092

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c when processing malicious input. A remote attacker can send a specially crafted image, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00061.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory corruption

EUVDB-ID: #VU13549

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10093

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to integer overflow in tools/tiffcp.c when processing malicious input. A remote attacker can send a specially crafted image, trigger heap-based buffer overflow and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00061.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Off-by-one error

EUVDB-ID: #VU13550

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10094

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c when processing malicious input. A remote attacker can send a specially crafted image and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00061.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU16443

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-6223

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition.

The vulnerability exists due to out-of-bounds read condition by the TIFFReadRawStrip1 and TIFFReadRawTile1 functions, as defined in the tif_read.c source code file. A remote attacker can trick the victim into opening or executing a file that submits malicious input and cause a DoS condition or possibly access sensitive information.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00061.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Uncontrolled memory allocation

EUVDB-ID: #VU11495

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12944

CWE-ID: CWE-789 - Uncontrolled Memory Allocation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the TIFFReadDirEntryArray function in tif_read.c due to mishandling memory allocation for short files. A remote attacker can trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00061.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU16444

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2018-19210

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to insufficient validation of user-supplied input processed by the TIFFWriteDirectorySec function, as defined in the tif_dirwrite.c source code file. A remote attacker can trick the victim into opening or executing a file that submits malicious input, trigger a NULL pointer dereference and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 42.3

External links

http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00061.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###