Bug #9163

Bug #9162: tiff: Multiple vulnerabilities (CVE-2017-9935, CVE-2017-11613, CVE-2018-10963)

[3.8] tiff: Multiple vulnerabilities (CVE-2017-9935, CVE-2017-11613, CVE-2018-10963)

Added by Alicha CH 9 months ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version:
Start date: 07/31/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

CVE-2017-9935: In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow
could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in
TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free.
Given these possibilities, it probably could cause arbitrary code execution.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-9935
http://bugzilla.maptools.org/show_bug.cgi?id=2704

CVE-2017-11613: In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of
service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file.
In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of
td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-11613

CVE-2018-10963: A flaw was found in LibTIFF through 4.0.9. TIFFWriteDirectorySec() function in tif_dirwrite.c allows remote attackers
to cause a denial of service (assertion failure and application crash) via a crafted file.

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-10963

Patch:

https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
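
The unchecked-length pattern described for CVE-2017-11613 above, shown as an added example that is not part of the original report and is not LibTIFF's code or its patch. It models a strip-chopping step whose allocation size comes from an untrusted row count, next to a variant that first checks the declared image against the real file size; the struct, the function names and the 8 KiB target are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of chopping one uncompressed strip into ~8 KiB strips.
 * All names are hypothetical; this is not LibTIFF code. */
#define TARGET_STRIP_BYTES 8192u

typedef struct {
    uint32_t image_length;  /* rows, taken from the file (untrusted) */
    uint64_t row_bytes;     /* bytes per row, derived from untrusted tags */
    uint64_t strip_offset;  /* file offset of the single strip */
    uint64_t file_size;     /* real size of the input file */
} image_hdr;

/* Strip count computed from the header alone, with no plausibility check. */
uint64_t plan_strips_unchecked(const image_hdr *h) {
    uint64_t rps = TARGET_STRIP_BYTES / (h->row_bytes ? h->row_bytes : 1);
    if (rps == 0) rps = 1;
    return (h->image_length + rps - 1) / rps;
}

/* Same plan, but returns 0 when the declared image cannot fit in the file. */
uint64_t plan_strips_checked(const image_hdr *h) {
    if (h->row_bytes == 0 || h->image_length == 0) return 0;
    if (h->row_bytes > UINT64_MAX / h->image_length) return 0; /* overflow */
    uint64_t total = h->image_length * h->row_bytes;
    if (h->strip_offset > h->file_size ||
        total > h->file_size - h->strip_offset) return 0;
    return plan_strips_unchecked(h);
}

/* Allocate the per-strip offset and byte-count tables only after the check. */
int alloc_strip_tables(const image_hdr *h, uint64_t **offs, uint64_t **counts) {
    uint64_t n = plan_strips_checked(h);
    if (n == 0 || n > SIZE_MAX / sizeof(uint64_t)) return -1;
    *offs = calloc((size_t)n, sizeof(uint64_t));
    *counts = calloc((size_t)n, sizeof(uint64_t));
    if (!*offs || !*counts) { free(*offs); free(*counts); return -1; }
    return 0;
}

int main(void) {
    /* Constructed header: ~4.29e9 rows of 8 KiB declared in a 1 KiB file. */
    image_hdr bad = { 0xFFFFFFF0u, 8192, 8, 1024 };
    printf("unchecked: %llu strips, checked: %llu\n",
           (unsigned long long)plan_strips_unchecked(&bad),
           (unsigned long long)plan_strips_checked(&bad));
    return 0;
}
```

With the constructed header, the unchecked plan asks for two tables of about 4.29 billion 8-byte entries each, while the checked plan rejects the file before any allocation.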


Related issues

Copied from Alpine Linux - Bug #9162: tiff: Multiple vulnerabilities (CVE-2017-9935, CVE-2017-11613, CVE-2018-10963) - Closed - 07/31/2018

Associated revisions

Revision 6659caf6 (diff)
Added by Natanael Copa 9 months ago

main/tiff: various security fixes

- CVE-2017-9935
- CVE-2017-11613
- CVE-2017-17095
- CVE-2018-10963

fixes #8240
fixes #9163

History

#1 Updated by Alicha CH 9 months ago

  • Copied from Bug #9162: tiff: Multiple vulnerabilities (CVE-2017-9935, CVE-2017-11613, CVE-2018-10963) added

#2 Updated by Natanael Copa 9 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 9 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2017-9935, CVE-2017-11613, CVE-2018-10963)
