[3.6] tiff: Multiple vulnerabilities (CVE-2017-9147, CVE-2017-9403, CVE-2017-9404, CVE-2017-9936, CVE-2017-10688)
CVE-2017-9147: LibTIFF 4.0.7 has an invalid read in the
_TIFFVGetField function in tif_dir.c, which
might allow remote attackers to cause a denial of service (crash) via a
crafted TIFF file.
Reference:
http://bugzilla.maptools.org/show\_bug.cgi?id=2693
Patch:
https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06
CVE-2017-9403: In LibTIFF 4.0.7, a memory leak vulnerability was
found in the function TIFFReadDirEntryLong8Array in tif_dirread.c,
which allows attackers to cause a denial of service via a crafted file.
Reference:
http://bugzilla.maptools.org/show\_bug.cgi?id=2689
Patch:
https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b
CVE-2017-9404: In LibTIFF 4.0.7, a memory leak vulnerability was
found in the function OJPEGReadHeaderInfoSecTablesQTable
in tif_ojpeg.c, which allows attackers to cause a denial of service via
a crafted file.
References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2688
https://security-tracker.debian.org/tracker/CVE-2017-9404
CVE-2017-9936: In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
Reference:
http://bugzilla.maptools.org/show\_bug.cgi?id=2706
Patch:
https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
CVE-2017-10688: In LibTIFF 4.0.8, there is a assertion abort in the
TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c.
A crafted input will lead to a remote denial of service attack.
Reference:
http://bugzilla.maptools.org/show\_bug.cgi?id=2712
Patch:
https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
(from redmine: issue id 7482, created on 2017-07-06, closed on 2017-08-07)
- Relations:
- parent #7480 (closed)
- Changesets:
- Revision 3b0fbd0f by Francesco Colista on 2017-08-07T12:36:25Z:
main/tiff: security upgrade to 4.0.8. Fixes #7482