Closed
Opened Oct 25, 2018 by Alicha CH (@alicha, Reporter)

[3.9] tiff: Multiple vulnerabilities (CVE-2018-10779, CVE-2018-17100, CVE-2018-17101)

CVE-2018-10779: Heap Buffer Overflow in TIFFWriteScanline of tif_write.c

References:

http://bugzilla.maptools.org/show_bug.cgi?id=2788
https://nvd.nist.gov/vuln/detail/CVE-2018-10779

Patch:

https://gitlab.com/libtiff/libtiff/commit/981e43ecae83935625c86c9118c0778c942c7048

CVE-2018-17100: An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_ms in tools/ppm2tiff.c,
which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.

References:

http://bugzilla.maptools.org/show_bug.cgi?id=2810

Patch:

https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e

CVE-2018-17101: An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c,
which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

References:

http://bugzilla.maptools.org/show_bug.cgi?id=2807

Patch:

https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=f1b94e8a3ba49febdd3361c0214a1d1149251577

(from redmine: issue id 9583, created on 2018-10-25, closed on 2018-11-08)

  • Relations:
    • parent #9582 (closed)
  • Changesets:
    • Revision fb2c4a5a on 2018-11-06T15:33:55Z:
main/tiff: security fixes

(CVE-2018-10779, CVE-2018-17100, CVE-2018-17101)

Fixes #9583
Milestone: 3.9.0 (Past due)
Reference: alpine/aports#9583