Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in media-libs/tiff |
||||||||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: media-libs/tiff Package Version: [cpe:/a:libtiff:libtiff:4.0.6 cpe:/a:libtiff_project:libtiff:4.0.6] Advisory: CVE-2016-9533 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9533 CVSS severity score: 7.5/10.0 Confidence: high Description: tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow." Advisory: CVE-2016-9534 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9534 CVSS severity score: 7.5/10.0 Confidence: high Description: tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow." Advisory: CVE-2016-9535 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9535 CVSS severity score: 7.5/10.0 Confidence: high Description: tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." Advisory: CVE-2016-9536 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9536 CVSS severity score: 7.5/10.0 Confidence: high Description: tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow." Advisory: CVE-2016-9537 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9537 CVSS severity score: 7.5/10.0 Confidence: high Description: tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097. Advisory: CVE-2016-9538 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9538 CVSS severity score: 7.5/10.0 Confidence: high Description: tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100. Advisory: CVE-2016-9539 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9539 CVSS severity score: 7.5/10.0 Confidence: high Description: tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. Advisory: CVE-2016-9540 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-9540 CVSS severity score: 7.5/10.0 Confidence: high Description: tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
,
Feb 4 2017
,
Feb 17 2017
marcheu: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 3 2017
marcheu: Uh oh! This issue still open and hasn't been updated in the last 28 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers? If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one? If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 21 2017
,
Mar 21 2017
,
Jun 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by xzhou@chromium.org
, Feb 4 2017Components: OS>Systems
Labels: Security_Severity-Medium Security_Impact-Stable
Owner: marc...@chromium.org
Status: Assigned (was: Untriaged)