Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in media-libs/tiff |
||||||||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: media-libs/tiff Package Version: [cpe:/a:libtiff:libtiff:4.0.6 cpe:/a:libtiff_project:libtiff:4.0.6] Advisory: CVE-2015-1547 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-1547 CVSS severity score: 4.3/10.0 Confidence: high Description: The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. Advisory: CVE-2015-7554 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-7554 CVSS severity score: 7.5/10.0 Confidence: high Description: The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. Advisory: CVE-2015-8665 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-8665 CVSS severity score: 4.3/10.0 Confidence: high Description: tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. Advisory: CVE-2015-8668 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-8668 CVSS severity score: 7.5/10.0 Confidence: high Description: Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image. Advisory: CVE-2015-8683 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2015-8683 CVSS severity score: 4.3/10.0 Confidence: high Description: The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. Advisory: CVE-2016-3186 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3186 CVSS severity score: 5/10.0 Confidence: high Description: Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. Advisory: CVE-2016-3619 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3619 CVSS severity score: 4.3/10.0 Confidence: high Description: The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. Advisory: CVE-2016-3620 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3620 CVSS severity score: 5/10.0 Confidence: high Description: The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. Advisory: CVE-2016-3621 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3621 CVSS severity score: 6.8/10.0 Confidence: high Description: The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image. Advisory: CVE-2016-3622 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3622 CVSS severity score: 4.3/10.0 Confidence: high Description: The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. Advisory: CVE-2016-3623 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3623 CVSS severity score: 5/10.0 Confidence: high Description: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. Advisory: CVE-2016-3624 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3624 CVSS severity score: 5/10.0 Confidence: high Description: The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. Advisory: CVE-2016-3625 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3625 CVSS severity score: 4.3/10.0 Confidence: high Description: tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. Advisory: CVE-2016-3631 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3631 CVSS severity score: 5/10.0 Confidence: high Description: The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. Advisory: CVE-2016-3632 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3632 CVSS severity score: 6.8/10.0 Confidence: high Description: The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. Advisory: CVE-2016-3633 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3633 CVSS severity score: 5/10.0 Confidence: high Description: The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. Advisory: CVE-2016-3634 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3634 CVSS severity score: 5/10.0 Confidence: high Description: The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. Advisory: CVE-2016-3658 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3658 CVSS severity score: 5/10.0 Confidence: high Description: The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. Advisory: CVE-2016-3945 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3945 CVSS severity score: 6.8/10.0 Confidence: high Description: Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. Advisory: CVE-2016-3990 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3990 CVSS severity score: 6.8/10.0 Confidence: high Description: Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. Advisory: CVE-2016-3991 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-3991 CVSS severity score: 6.8/10.0 Confidence: high Description: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. Advisory: CVE-2016-5316 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-5316 CVSS severity score: 4.3/10.0 Confidence: high Description: Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool. Advisory: CVE-2016-5317 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-5317 CVSS severity score: 4.3/10.0 Confidence: high Description: Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file. Advisory: CVE-2016-5318 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-5318 CVSS severity score: 4.3/10.0 Confidence: high Description: Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. Advisory: CVE-2016-5319 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-5319 CVSS severity score: 4.3/10.0 Confidence: high Description: Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. Advisory: CVE-2016-5321 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-5321 CVSS severity score: 4.3/10.0 Confidence: high Description: The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. Advisory: CVE-2016-5323 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-5323 CVSS severity score: 5/10.0 Confidence: high Description: The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. Advisory: CVE-2016-5652 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-5652 CVSS severity score: 6.8/10.0 Confidence: high Description: An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. Advisory: CVE-2016-6223 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-6223 CVSS severity score: 6.4/10.0 Confidence: high Description: The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. Advisory: CVE-2016-8331 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-8331 CVSS severity score: 6.8/10.0 Confidence: high Description: An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. Advisory: CVE-2016-9273 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9273 CVSS severity score: 4.3/10.0 Confidence: high Description: tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. Advisory: CVE-2016-9297 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9297 CVSS severity score: 5/10.0 Confidence: high Description: The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.
,
Feb 4 2017
,
Feb 17 2017
marcheu: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 3 2017
marcheu: Uh oh! This issue still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 21 2017
,
Mar 21 2017
,
Jun 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by xzhou@chromium.org
, Feb 4 2017Components: OS>Systems
Labels: Security_Severity-Medium Security_Impact-Stable
Owner: marc...@chromium.org
Status: Assigned (was: Untriaged)