SB2020050402 - Debian update for tiff

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020050402

SB2020050402 - Debian update for tiff

Published: May 4, 2020 Updated: May 21, 2022

Security Bulletin ID SB2020050402
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 14% Medium 14% Low 71%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2018-12900)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c. A remote unauthenticated attacker can trick the victim into opening a specially crafted TIFF file that can trigger memory corruption and cause the service to crash.


2) NULL pointer dereference (CVE-ID: CVE-2018-17000)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction). A remote attacker can create a specially crafted tiff file and perform a denial of service (DoS) attack.


3) Integer overflow (CVE-ID: CVE-2018-17100)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to int32 overflow when insufficient validation of user-supplied input processed by the multiply_ms() function, as defined in the tools/ppm2tiff.c source code file. A remote unauthenticated attacker can trick the victim into opening or executing an image file that submits malicious input to the targeted system. A successful exploit could trigger memory corruption and cause the affected software to crash, resulting in a DoS condition.


4) NULL pointer dereference (CVE-ID: CVE-2018-19210)

The vulnerability allows a remote attacker to cause DoS condition.

The vulnerability exists due to insufficient validation of user-supplied input processed by the TIFFWriteDirectorySec function, as defined in the tif_dirwrite.c source code file. A remote attacker can trick the victim into opening or executing a file that submits malicious input, trigger a NULL pointer dereference and cause the service to crash.


5) NULL pointer dereference (CVE-ID: CVE-2019-7663)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an invalid address dereference condition that exists in the TIFFWriteDirectoryTagTransferfunction, as defined in the libtiff/tif_dirwrite.c source code file. A remote attacker can trick the victim into accessing a Tagged Image File Format (TIFF) file that submits malicious input and trigger a segmentation fault in the cpSeparateBufToContigBuf function in the tiffcp.c file, resulting in a DoS condition.

6) Integer overflow (CVE-ID: CVE-2019-14973)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attacks.

The vulnerability exists due to integer overflow in the "_TIFFCheckMalloc" and "_TIFFCheckRealloc" functions in the "tif_aux.c" file. A remote attacker can trick a victim to open a specially crafted file that contains crafted TIFF images, trigger integer overflow and crash the target application.



7) Integer overflow (CVE-ID: CVE-2019-17546)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing RGBA images. A remote attacker can create a specially crafted RGBA image, pass it to the affected application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References