tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661) (#9714) · Issues · alpine / aports

tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)

CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

References:

http://bugzilla.maptools.org/show\_bug.cgi?id=2798
https://nvd.nist.gov/vuln/detail/CVE-2018-12900

CVE-2018-18557: Out-of-bounds write in tif_jbig.c

LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer,
ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.

References:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
https://nvd.nist.gov/vuln/detail/CVE-2018-18557

CVE-2018-18661: tiff2bw tool failed memory allocation leads to crash

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function
LZWDecode in the file tif_lzw.c.

References:

http://bugzilla.maptools.org/show\_bug.cgi?id=2819
https://nvd.nist.gov/vuln/detail/CVE-2018-18661

Patch:

https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f

(from redmine: issue id 9714, created on 2018-11-29, closed on 2018-12-07)

Relations:
- child #9715 (closed)
- child #9716 (closed)
- child #9717 (closed)
- child #9718 (closed)

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information