{"affected":[{"ecosystem_specific":{"binaries":[{"libtiff-devel":"3.8.2-141.169.3.1","libtiff-devel-32bit":"3.8.2-141.169.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.2-141.169.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff3":"3.8.2-141.169.3.1","libtiff3-32bit":"3.8.2-141.169.3.1","libtiff3-x86":"3.8.2-141.169.3.1","tiff":"3.8.2-141.169.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.2-141.169.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff3":"3.8.2-141.169.3.1","libtiff3-32bit":"3.8.2-141.169.3.1","libtiff3-x86":"3.8.2-141.169.3.1","tiff":"3.8.2-141.169.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.2-141.169.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n  \nThis update for tiff fixes the following issues:\n\n- CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one (bsc#1011107).\n- CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means (bsc#1007280).\n- CVE-2017-11335: There is a heap based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack (bsc#1048937).\n- CVE-2016-9536: tools/tiff2pdf.c had an out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka 't2p_process_jpeg_strip heap-buffer-overflow.'  (bsc#1011845)\n- CVE-2017-9935: In LibTIFF, there was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution (bsc#1046077).\n- CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. (bsc#1074318)\n- CVE-2015-7554: The _TIFFVGetField function in tif_dir.c allowed attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image (bsc#960341).\n- CVE-2016-5318: Stack-based buffer overflow in the _TIFFVGetField function allowed remote attackers to crash the application via a crafted tiff (bsc#983436).\n- CVE-2016-10095: Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c allowed remote attackers to cause a denial of service (crash) via a crafted TIFF file (bsc#1017690,).\n- CVE-2016-10268: tools/tiffcp.c allowed remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to 'READ of size 78490' and libtiff/tif_unix.c:115:23 (bsc#1031255)\n- An overlapping of memcpy parameters was fixed which could lead to content corruption (bsc#1017691).\n- Fixed an invalid memory read which could lead to a crash (bsc#1017692).\n- Fixed a NULL pointer dereference in TIFFReadRawData (tiffinfo.c) that could crash the decoder (bsc#1017688).\n","id":"SUSE-SU-2018:1179-1","modified":"2018-05-09T12:01:09Z","published":"2018-05-09T12:01:09Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181179-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007280"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011107"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011845"},{"type":"REPORT","url":"https://bugzilla.suse.com/1017688"},{"type":"REPORT","url":"https://bugzilla.suse.com/1017690"},{"type":"REPORT","url":"https://bugzilla.suse.com/1017691"},{"type":"REPORT","url":"https://bugzilla.suse.com/1017692"},{"type":"REPORT","url":"https://bugzilla.suse.com/1031255"},{"type":"REPORT","url":"https://bugzilla.suse.com/1046077"},{"type":"REPORT","url":"https://bugzilla.suse.com/1048937"},{"type":"REPORT","url":"https://bugzilla.suse.com/1074318"},{"type":"REPORT","url":"https://bugzilla.suse.com/960341"},{"type":"REPORT","url":"https://bugzilla.suse.com/983436"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7554"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10095"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10268"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3945"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5318"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5652"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9453"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9536"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11335"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-17973"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9935"}],"related":["CVE-2015-7554","CVE-2016-10095","CVE-2016-10268","CVE-2016-3945","CVE-2016-5318","CVE-2016-5652","CVE-2016-9453","CVE-2016-9536","CVE-2017-11335","CVE-2017-17973","CVE-2017-9935"],"summary":"Security update for tiff","upstream":["CVE-2015-7554","CVE-2016-10095","CVE-2016-10268","CVE-2016-3945","CVE-2016-5318","CVE-2016-5652","CVE-2016-9453","CVE-2016-9536","CVE-2017-11335","CVE-2017-17973","CVE-2017-9935"]}