{"affected":[{"ecosystem_specific":{"binaries":[{"libtiff-devel":"3.8.2-141.169.9.1","libtiff-devel-32bit":"3.8.2-141.169.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.2-141.169.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff3":"3.8.2-141.169.9.1","libtiff3-32bit":"3.8.2-141.169.9.1","libtiff3-x86":"3.8.2-141.169.9.1","tiff":"3.8.2-141.169.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.2-141.169.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff3":"3.8.2-141.169.9.1","libtiff3-32bit":"3.8.2-141.169.9.1","libtiff3-x86":"3.8.2-141.169.9.1","tiff":"3.8.2-141.169.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.8.2-141.169.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tiff fixes the following security issues:\n\n- CVE-2017-5225: Prevent heap buffer overflow in the tools/tiffcp that could\n  have caused DoS or code execution via a crafted BitsPerSample value\n  (bsc#1019611)\n- CVE-2018-7456: Prevent a NULL Pointer dereference in the function\n  TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF\n  information, a different vulnerability than CVE-2017-18013 (bsc#1082825)\n- CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During\n  the TIFFOpen process, td_imagelength is not checked. The value of\n  td_imagelength can be directly controlled by an input file. In the\n  ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called\n  based on td_imagelength. If the value of td_imagelength is set close to the\n  amount of system memory, it will hang the system or trigger the OOM killer\n  (bsc#1082332)\n- CVE-2016-10266: Prevent remote attackers to cause a denial of service\n  (divide-by-zero error and application crash) via a crafted TIFF image, related\n  to libtiff/tif_read.c:351:22 (bsc#1031263)\n- CVE-2018-8905: Prevent heap-based buffer overflow in the function\n  LZWDecodeCompat via a crafted TIFF file (bsc#1086408)\n- CVE-2016-9540: Prevent out-of-bounds write on tiled images with odd tile\n  width versus image width (bsc#1011839).\n- CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have\n  lead to assertion failures in debug mode, or buffer overflows in release mode,\n  when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846).\n- CVE-2016-9535: tif_predict.h and tif_predict.c had assertions that could have\n  lead to assertion failures in debug mode, or buffer overflows in release mode,\n  when dealing with unusual tile size like YCbCr with subsampling (bsc#1011846).\n- Removed assert in readSeparateTilesIntoBuffer() function (bsc#1017689).\n- CVE-2016-10095: Prevent stack-based buffer overflow in the _TIFFVGetField\n  function that allowed remote attackers to cause a denial of service (crash) via\n  a crafted TIFF file (bsc#1017690).\n- CVE-2016-8331: Prevent remote code execution because of incorrect handling of\n  TIFF images. A crafted TIFF document could have lead to a type confusion\n  vulnerability resulting in remote code execution. This vulnerability could have\n  been be triggered via a TIFF file delivered to the application using LibTIFF's\n  tag extension functionality (bsc#1007276).\n- CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause\n  a denial of service (out-of-bounds write) or execute arbitrary code via a\n  crafted TIFF image (bsc#974621).\n","id":"SUSE-SU-2018:1835-1","modified":"2018-06-28T09:41:44Z","published":"2018-06-28T09:41:44Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181835-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1007276"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011839"},{"type":"REPORT","url":"https://bugzilla.suse.com/1011846"},{"type":"REPORT","url":"https://bugzilla.suse.com/1017689"},{"type":"REPORT","url":"https://bugzilla.suse.com/1017690"},{"type":"REPORT","url":"https://bugzilla.suse.com/1019611"},{"type":"REPORT","url":"https://bugzilla.suse.com/1031263"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082332"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082825"},{"type":"REPORT","url":"https://bugzilla.suse.com/1086408"},{"type":"REPORT","url":"https://bugzilla.suse.com/974621"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-8128"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-7554"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10095"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10266"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-3632"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5318"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-8331"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9535"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9540"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11613"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5225"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7456"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8905"}],"related":["CVE-2014-8128","CVE-2015-7554","CVE-2016-10095","CVE-2016-10266","CVE-2016-3632","CVE-2016-5318","CVE-2016-8331","CVE-2016-9535","CVE-2016-9540","CVE-2017-11613","CVE-2017-5225","CVE-2018-7456","CVE-2018-8905"],"summary":"Security update for tiff","upstream":["CVE-2014-8128","CVE-2015-7554","CVE-2016-10095","CVE-2016-10266","CVE-2016-3632","CVE-2016-5318","CVE-2016-8331","CVE-2016-9535","CVE-2016-9540","CVE-2017-11613","CVE-2017-5225","CVE-2018-7456","CVE-2018-8905"]}