Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.
NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.
Package Name: media-libs/tiff
Package Version: [cpe:/a:libtiff:libtiff:4.0.6 cpe:/a:libtiff:libtiff:4.0.7 cpe:/a:libtiff_project:libtiff:4.0.6 cpe:/a:libtiff_project:libtiff:4.0.7]
Advisory: CVE-2016-10266
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-10266
CVSS severity score: 4.3/10.0
Confidence: high
Description:
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.
Advisory: CVE-2016-10267
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-10267
CVSS severity score: 4.3/10.0
Confidence: high
Description:
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.
Advisory: CVE-2016-10268
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-10268
CVSS severity score: 6.8/10.0
Confidence: high
Description:
tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.
Advisory: CVE-2016-10269
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-10269
CVSS severity score: 6.8/10.0
Confidence: high
Description:
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.
Advisory: CVE-2016-10270
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-10270
CVSS severity score: 6.8/10.0
Confidence: high
Description:
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 8" and libtiff/tif_read.c:523:22.
Advisory: CVE-2016-10271
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-10271
CVSS severity score: 6.8/10.0
Confidence: high
Description:
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.
Advisory: CVE-2016-10272
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-10272
CVSS severity score: 6.8/10.0
Confidence: high
Description:
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
Comment 1 by ta...@google.com, Mar 30 2017
Labels: Security_Severity-Medium Security_Impact-Stable
Owner: vapier@chromium.org
Status: Assigned (was: Untriaged)