Advisory ROSA-SA-2021-1896

Software: libtiff 4.0.3
OS: Cobalt 7.9

CVE-ID: CVE-2016-3620
CVE-Crit: HIGH
CVE-DESC: The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the “-c zip” parameter is used, allows remote attackers to cause a denial of service (buffer overflow) via a generated BMP image.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3621
CVE-Crit: HIGH
CVE-DESC: The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the “-c lzw” parameter is used, allows remote attackers to cause a denial of service (buffer overflow) via the generated BMP image.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3623
CVE-Crit: HIGH
CVE-DESC: the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide by zero) by setting parameter (1) v or (2) h to 0.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3624
CVE-Crit: HIGH
CVE-DESC: The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-range write) by setting the “-v” parameter to -1.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3625
CVE-Crit: MEDIUM
CVE-DESC: tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (read out of range) via a crafted TIFF image.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2016-3631
CVE-Crit: HIGH
CVE-DESC: The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (read out of range) via vectors associated with the bytecounts [ ] array variable.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3633
CVE-Crit: HIGH
CVE-DESC: The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (read out of range) using vectors associated with the src variable.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3634
CVE-Crit: HIGH
CVE-DESC: The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (read out of range) via vectors associated with field_tag mapping.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3658
CVE-Crit: HIGH
CVE-DESC: The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (read out of range) via vectors containing the ma variable.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5102
CVE-Crit: MEDIUM
CVE-DESC: Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation error) via the generated gif file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5314
CVE-Crit: HIGH
CVE-DESC: A buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have an unspecified other impact using the generated TIFF image, as shown by overwriting the vgetparent function pointer with rgb2ycbcr.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5315
CVE-Crit: MEDIUM
CVE-DESC: The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (read out of range) via a crafted TIFF image.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5316
CVE-Crit: MEDIUM
CVE-DESC: Reading beyond the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to terminate the application by sending the created TIFF image to the rgb2ycbcr tool.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5318
CVE-Crit: MEDIUM
CVE-DESC: A stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash an application with a crafted tiff.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5319
CVE-Crit: MEDIUM
CVE-DESC: heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application using a crafted bmp file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5321
CVE-Crit: MEDIUM
CVE-DESC: The DumpModeDecode feature in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and failure) using a crafted TIFF image.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5322
CVE-Crit: MEDIUM
CVE-DESC: The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (read out of range) via a crafted TIFF image.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-5323
CVE-Crit: HIGH
CVE-DESC: The _TIFFFax3fillruns feature in libtiff before 4.0.6 allows remote attackers to cause a denial of service (division-by-zero error and application crash) via a crafted Tiff image.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-6223
CVE-Crit: CRITICAL
CVE-DESC: The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allow remote attackers to cause a denial of service (failure) or possibly obtain sensitive information via a negative index in the file content buffer.
CVE-STATUS: default
CVE-REV: Default

CVE-ID: CVE-2016-9532
CVE-Crit: MEDIUM
CVE-DESC: Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (read out of range) via a crafted tif file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-9453
CVE-Crit: HIGH
CVE-DESC: LibTIFF’s t2p_readwrite_pdf_image_tile function allows remote attackers to cause a denial of service (write out of range and crash) or possibly execute arbitrary code through a JPEG file with TIFFTAG_JPEGTABLES of length one.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-9935
CVE-Crit: HIGH
CVE-DESC: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools / tiff2pdf.c. This heap overflow could cause various corruptions. For example, a created TIFF document could result in an out-of-bounds read in TIFFCleanup, an invalid release in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_pdf_image, or a double release in t2p_free. Given these possibilities, it probably could have caused arbitrary code execution.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2017-9937
CVE-Crit: MEDIUM
CVE-DESC: LibTIFF 4.0.8 has experienced a memory mislocalization failure in tif_jbig.c. The generated TIFF document may cause an interrupt, leading to a remote denial of service attack.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-5360
CVE-Crit: HIGH
CVE-DESC: LibTIFF before 4.0.6 does not properly handle reading TIFF files, as demonstrated by heap-based buffer re-reading in the ReadTIFFImage function in coders / tiff.c in GraphicsMagick 1.3.27.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35521
CVE-Crit: MEDIUM
CVE-DESC: a bug has been detected in libtiff. Due to a memory allocation failure in tif_read.c, a TIFF file created may cause an interrupt, resulting in a denial of service.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35522
CVE-Crit: MEDIUM
CVE-DESC: LibTIFF experienced a memory mis-localization failure in tif_pixarlog.c. The generated TIFF document may cause an interruption, resulting in a remote denial-of-service attack.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35523
CVE-Crit: HIGH
CVE-DESC: An integer overflow flaw was discovered in libtiff, which exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The biggest threat from this vulnerability is to the confidentiality, integrity as well as availability of the system.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-35524
CVE-Crit: HIGH
CVE-DESC: A heap-based buffer overflow error was detected in libtiff when processing TIFF images in libtiff’s TIFF2PDF tool. A specially crafted TIFF file could lead to arbitrary code execution. The biggest threat from this vulnerability is to the confidentiality, integrity as well as availability of the system.
CVE-STATUS: default
CVE-REV: default