[3.4] tiff: Multiple vulnerabilities (CVE-2016-3186, CVE-2016-3621, CVE-2016-3622, CVE-2016-3623, CVE-2016-3624, CVE.., CVE-2016-5320, CVE-2016-5321, CVE-2016-5323, CVE-2016-5652, CVE-2016-5875)
CVE-2016-3186: Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
Reference:
http://bugzilla.maptools.org/show\_bug.cgi?id=2536
CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool
Affected Versions: <= 4.0.6
Reference:
http://bugzilla.maptools.org/show\_bug.cgi?id=2565
CVE-2016-3622: Divide By Zero in the tiff2rgba tool
Affected Versions: <= 4.0.6
References:
http://www.openwall.com/lists/oss-security/2016/04/07/4
http://bugzilla.maptools.org/buglist.cgi?product=libtiff
CVE-2016-3623, CVE-2016-3624: Divide By Zero in the rgb2ycbcr tool
Affected Versions: <= 4.0.6
References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2569
http://www.openwall.com/lists/oss-security/2016/04/08/3
CVE-2016-3625: Out-of-bounds Read in the tiff2bw tool
Affected Versions: <= 4.0.6
Reference:
http://bugzilla.maptools.org/show\_bug.cgi?id=2566
CVE-2016-3658, CVE-2014-8127: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c
Affected Versions: <= 4.0.6
Reference:
http://www.openwall.com/lists/oss-security/2016/04/08/12
http://bugzilla.maptools.org/show\_bug.cgi?id=2546
CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317: PixarLogDecode() out-of-bound writes
Affected Versions: <= 4.0.6
References:
http://seclists.org/oss-sec/2016/q2/543
http://bugzilla.maptools.org/show\_bug.cgi?id=2554
http://bugzilla.maptools.org/show\_bug.cgi?id=2555
http://bugzilla.maptools.org/show\_bug.cgi?id=2557
http://seclists.org/oss-sec/2016/q2/545
CVE-2016-5318: memory corruption in _TIFFVGetField (thumbnail)
References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2561
http://seclists.org/oss-sec/2016/q2/151
http://seclists.org/oss-sec/2016/q2/486
CVE-2016-5320, CVE-2016-5875: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c
Affected Versions: <= 4.0.6
Reference:
http://bugzilla.maptools.org/show\_bug.cgi?id=2554\#c1
http://www.talosintelligence.com/reports/TALOS-2016-0205/
CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode() function
Affected Versions: <= 4.0.6
References:
http://seclists.org/oss-sec/2016/q2/549
http://bugzilla.maptools.org/show\_bug.cgi?id=2558
CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function
Affected Versions: <= 4.0.6
References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2559
http://seclists.org/oss-sec/2016/q2/548
CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow
References:
http://www.talosintelligence.com/reports/TALOS-2016-0187/
(from redmine: issue id 6708, created on 2017-01-20, closed on 2019-05-03)
- Relations:
- parent #6660 (closed)