Lucene search

ArchLinuxASA-201704-10

HistoryApr 28, 2017 - 12:00 a.m.

[ASA-201704-10] libtiff: multiple issues

2017-04-2800:00:00

security.archlinux.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

Arch Linux Security Advisory ASA-201704-10

Severity: Medium
Date : 2017-04-28
CVE-ID : CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595
CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599
CVE-2017-7600 CVE-2017-7601 CVE-2017-7602
Package : libtiff
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-237

Summary

The package libtiff before version 4.0.7-3 is vulnerable to multiple
issues including denial of service and information disclosure.

Resolution

Upgrade to 4.0.7-3.

pacman -Syu “libtiff>=4.0.7-3”

The problems have been fixed upstream but no release is available yet.

Workaround

None.

Description

CVE-2017-7592 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger an undefined behavior in putagreytile().

CVE-2017-7593 (information disclosure)

A security issue has been found in libtiff < 4.0.7, where a crafted
tiff image can cause a unitialized-memory access in tif_rawdata(),
leading to information leakage.

CVE-2017-7594 (denial of service)

A security issue has been found in libtiff < 4.0.7, where a crafted
tiff image can cause a memory leak in
OJPEGReadHeaderInfoSecTablesAcTable().

CVE-2017-7595 (denial of service)

A security issue has been found in libtiff < 4.0.7, where a crafted
tiff image can cause a division by zero in JPEGSetupEncode(), leading
to denial of service.

CVE-2017-7596 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger an undefined behavior.

CVE-2017-7597 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger an undefined behavior.

CVE-2017-7598 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger a division by zero in
TIFFReadDirEntryCheckedRational() or
TIFFReadDirEntryCheckedSrational(), leading to denial of service

CVE-2017-7599 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger an undefined behavior.

CVE-2017-7600 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger an undefined behavior.

CVE-2017-7601 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger an undefined behavior (invalid shift exponent) in
JPEGSetupEncode().

CVE-2017-7602 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger an undefined behavior in TIFFReadRawStrip1().

Impact

A remote attacker can access sensitive information and cause an
application crash via a crafted TIFF file.

References

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanylibtiff< 4.0.7-3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ArchLinux	any	any	libtiff	< 4.0.7-3	UNKNOWN

References

bugzilla.maptools.org/show_bug.cgi?id=2651

bugzilla.maptools.org/show_bug.cgi?id=2658

bugzilla.maptools.org/show_bug.cgi?id=2659

seclists.org/oss-sec/2017/q2/35

seclists.org/oss-sec/2017/q2/36

seclists.org/oss-sec/2017/q2/37

seclists.org/oss-sec/2017/q2/38

seclists.org/oss-sec/2017/q2/39

blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c/

github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490

github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490

github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8

github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122

github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b

github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4

github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1

github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1

security.archlinux.org/AVG-237

security.archlinux.org/CVE-2017-7592

security.archlinux.org/CVE-2017-7593

security.archlinux.org/CVE-2017-7594

security.archlinux.org/CVE-2017-7595

security.archlinux.org/CVE-2017-7596

security.archlinux.org/CVE-2017-7597

security.archlinux.org/CVE-2017-7598

security.archlinux.org/CVE-2017-7599

security.archlinux.org/CVE-2017-7600

security.archlinux.org/CVE-2017-7601

security.archlinux.org/CVE-2017-7602

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

Related for ASA-201704-10