Debian update for tiff



Published: 2020-05-04 | Updated: 2022-05-21
Risk: High
Patch available: YES
Number of vulnerabilities: 7
CVE-ID: CVE-2018-12900, CVE-2018-17000, CVE-2018-17100, CVE-2018-19210, CVE-2019-7663, CVE-2019-14973, CVE-2019-17546
CWE-ID: CWE-122, CWE-476, CWE-119, CWE-190
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available.
Vulnerable software: tiff (Debian package), Operating systems & Components / Operating system package or component
Vendor: Debian

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU16180

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12900

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c. A remote unauthenticated attacker can trick the victim into opening a specially crafted TIFF file that can trigger memory corruption and cause the service to crash.

Mitigation

Update tiff package to version 4.0.8-2+deb9u5.

Vulnerable software versions

tiff (Debian package): 4.0.8-2+deb9u1 - 4.0.8-2+deb9u4

External links

http://www.debian.org/security/2020/dsa-4670


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU18498

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17000

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction). A remote attacker can create a specially crafted TIFF file and perform a denial of service (DoS) attack.

Mitigation

Update tiff package to version 4.0.8-2+deb9u5.

Vulnerable software versions

tiff (Debian package): 4.0.8-2+deb9u1 - 4.0.8-2+deb9u4

External links

http://www.debian.org/security/2020/dsa-4670


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

EUVDB-ID: #VU15531

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17100

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an int32 overflow resulting from insufficient validation of user-supplied input processed by the multiply_ms() function, as defined in the tools/ppm2tiff.c source code file. A remote unauthenticated attacker can trick the victim into opening or executing an image file that submits malicious input to the targeted system. A successful exploit could trigger memory corruption and cause the affected software to crash, resulting in a DoS condition.

Mitigation

Update tiff package to version 4.0.8-2+deb9u5.

Vulnerable software versions

tiff (Debian package): 4.0.8-2+deb9u1 - 4.0.8-2+deb9u4

External links

http://www.debian.org/security/2020/dsa-4670


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU16444

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2018-19210

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The vulnerability exists due to insufficient validation of user-supplied input processed by the TIFFWriteDirectorySec function, as defined in the tif_dirwrite.c source code file. A remote attacker can trick the victim into opening or executing a file that submits malicious input, trigger a NULL pointer dereference and cause the service to crash.

Mitigation

Update tiff package to version 4.0.8-2+deb9u5.

Vulnerable software versions

tiff (Debian package): 4.0.8-2+deb9u1 - 4.0.8-2+deb9u4

External links

http://www.debian.org/security/2020/dsa-4670


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

5) NULL pointer dereference

EUVDB-ID: #VU17675

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-7663

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an invalid address dereference in the TIFFWriteDirectoryTagTransferfunction function, as defined in the libtiff/tif_dirwrite.c source code file. A remote attacker can trick the victim into accessing a Tagged Image File Format (TIFF) file that submits malicious input and trigger a segmentation fault in the cpSeparateBufToContigBuf function in the tiffcp.c file, resulting in a DoS condition.

Mitigation

Update tiff package to version 4.0.8-2+deb9u5.

Vulnerable software versions

tiff (Debian package): 4.0.8-2+deb9u1 - 4.0.8-2+deb9u4

External links

http://www.debian.org/security/2020/dsa-4670


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

6) Integer overflow

EUVDB-ID: #VU20390

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14973

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the "_TIFFCheckMalloc" and "_TIFFCheckRealloc" functions in the "tif_aux.c" file. A remote attacker can trick a victim into opening a specially crafted file that contains crafted TIFF images, trigger the integer overflow and crash the target application.
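
Allocation helpers of this kind compute a byte count as an element count times an element size, which is also the multiplication pattern behind item 3. The following is an added example, not libtiff or Debian code, of guarding that multiplication before it happens; the names checked_mul_size and checked_alloc and the sample inputs are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not libtiff code): compute nmemb * elem_size for
 * signed 64-bit sizes. The bound is tested BEFORE multiplying, because an
 * overflowing signed multiplication is undefined behaviour in C and a
 * "multiply, then divide back and compare" check may be optimised away.
 * Returns 1 and stores the product on success, 0 on overflow or bad input. */
static int checked_mul_size(int64_t nmemb, int64_t elem_size, int64_t *out)
{
    if (nmemb < 0 || elem_size < 0)
        return 0;                       /* negative sizes are never valid */
    if (nmemb == 0 || elem_size == 0) {
        *out = 0;
        return 1;
    }
    if (nmemb > INT64_MAX / elem_size)
        return 0;                       /* product would not fit */
    *out = nmemb * elem_size;
    return 1;
}

/* Hypothetical allocation wrapper: refuses zero-byte and overflowing
 * requests instead of handing back an undersized buffer. */
static void *checked_alloc(int64_t nmemb, int64_t elem_size)
{
    int64_t bytes;
    if (!checked_mul_size(nmemb, elem_size, &bytes) || bytes == 0)
        return NULL;
    if ((uint64_t)bytes > SIZE_MAX)
        return NULL;                    /* does not fit in size_t (32-bit) */
    return malloc((size_t)bytes);
}

int main(void)
{
    /* Constructed inputs: a sane request and one whose product overflows. */
    void *ok = checked_alloc(1024, 4);
    void *bad = checked_alloc(INT64_MAX / 2, 4);
    printf("1024*4 -> %s\n", ok ? "allocated" : "rejected");
    printf("overflowing request -> %s\n", bad ? "allocated" : "rejected");
    free(ok);
    free(bad);
    return 0;
}
```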


Mitigation

Update tiff package to version 4.0.8-2+deb9u5.

Vulnerable software versions

tiff (Debian package): 4.0.8-2+deb9u1 - 4.0.8-2+deb9u4

External links

http://www.debian.org/security/2020/dsa-4670


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer overflow

EUVDB-ID: #VU22615

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-17546

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow when processing RGBA images. A remote attacker can create a specially crafted RGBA image, pass it to the affected application, trigger the integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update tiff package to version 4.0.8-2+deb9u5.

Vulnerable software versions

tiff (Debian package): 4.0.8-2+deb9u1 - 4.0.8-2+deb9u4

External links

http://www.debian.org/security/2020/dsa-4670


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


