{"affected":[{"ecosystem_specific":{"binaries":[{"libtiff-devel":"4.0.9-5.9.1","libtiff5":"4.0.9-5.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.9-5.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-5.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.9-5.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tiff fixes the following security issues:\n\nThese security issues were fixed:\n\n- CVE-2017-18013: Fixed a NULL pointer dereference in the\n  tif_print.cTIFFPrintDirectory function that could have lead to denial of\n  service (bsc#1074317).\n- CVE-2018-10963: Fixed an assertion failure in the TIFFWriteDirectorySec()\n  function in tif_dirwrite.c, which allowed remote attackers to cause a denial\n  of service via a crafted file (bsc#1092949).\n- CVE-2018-7456: Prevent a NULL Pointer dereference in the function\n  TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF\n  information, a different vulnerability than CVE-2017-18013 (bsc#1082825).\n- CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During\n  the TIFFOpen process, td_imagelength is not checked. The value of\n  td_imagelength can be directly controlled by an input file. In the\n  ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called\n  based on td_imagelength. If the value of td_imagelength is set close to the\n  amount of system memory, it will hang the system or trigger the OOM killer\n  (bsc#1082332).\n- CVE-2018-8905: Prevent heap-based buffer overflow in the function\n  LZWDecodeCompat via a crafted TIFF file (bsc#1086408).\n","id":"SUSE-SU-2018:1889-1","modified":"2018-07-05T06:41:28Z","published":"2018-07-05T06:41:28Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181889-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1074317"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082332"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082825"},{"type":"REPORT","url":"https://bugzilla.suse.com/1086408"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092949"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11613"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-18013"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10963"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7456"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8905"}],"related":["CVE-2017-11613","CVE-2017-18013","CVE-2018-10963","CVE-2018-7456","CVE-2018-8905"],"summary":"Security update for tiff","upstream":["CVE-2017-11613","CVE-2017-18013","CVE-2018-10963","CVE-2018-7456","CVE-2018-8905"]}