[3.9] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)
CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
References:
http://bugzilla.maptools.org/show_bug.cgi?id=2798
https://nvd.nist.gov/vuln/detail/CVE-2018-12900
CVE-2018-18557: Out-of-bounds write in tif_jbig.c
LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
https://nvd.nist.gov/vuln/detail/CVE-2018-18557
CVE-2018-18661: tiff2bw tool failed memory allocation leads to crash
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
References:
http://bugzilla.maptools.org/show_bug.cgi?id=2819
https://nvd.nist.gov/vuln/detail/CVE-2018-18661
Patch:
https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f
(from redmine: issue id 9715, created on 2018-11-29, closed on 2018-12-07)
- Relations:
- parent #9714 (closed)
- Changesets:
- Revision 0c504ed6 by Natanael Copa on 2018-11-30T11:58:02Z:
main/tiff: security upgrade to 4.0.10
CVE-2018-12900, CVE-2018-18557, CVE-2018-18661
fixes #9715