[3.5] tiff: Several vulnerabilities (CVE-2015-8665, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784)
CVE-2015-8665: Out-of-bounds read in tif_getimage.c
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
Reference:
http://www.openwall.com/lists/oss-security/2015/12/24/2
Patch:
https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
CVE-2015-8683: out-of-bounds read in CIE Lab image format
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.
Reference:
http://seclists.org/oss-sec/2015/q4/583
Patch:
https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: out-of-bounds writes for invalid images
References:
http://seclists.org/oss-sec/2016/q1/190
Patch (for all CVEs):
https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
CVE-2015-8784: out-of-bound write in NeXTDecode()
Reference:
http://seclists.org/oss-sec/2016/q1/191
Patch:
https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c
(from redmine: issue id 5823, created on 2016-06-29, closed on 2016-07-07)
- Relations:
- parent #5822 (closed)
- Changesets:
- Revision 7f2845dc on 2016-07-04T14:36:07Z:
main/tiff: security fixes. Fixes #5823
CVE-2015-8665
CVE-2015-8683
CVE-2015-8781
CVE-2015-8782
CVE-2015-8784