[3.9] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661) (#9715) · Issues · alpine / aports

[3.9] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)

CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.

References:

http://bugzilla.maptools.org/show\_bug.cgi?id=2798
https://nvd.nist.gov/vuln/detail/CVE-2018-12900

CVE-2018-18557: Out-of-bounds write in tif_jbig.c

LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer,
ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.

References:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
https://nvd.nist.gov/vuln/detail/CVE-2018-18557

CVE-2018-18661: tiff2bw tool failed memory allocation leads to crash

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function
LZWDecode in the file tif_lzw.c.

References:

http://bugzilla.maptools.org/show\_bug.cgi?id=2819
https://nvd.nist.gov/vuln/detail/CVE-2018-18661

Patch:

https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f

(from redmine: issue id 9715, created on 2018-11-29, closed on 2018-12-07)

Relations:
- parent #9714 (closed)
Changesets:
- Revision 0c504ed6 by Natanael Copa on 2018-11-30T11:58:02Z:

main/tiff: security upgrade to 4.0.10

CVE-2018-12900, CVE-2018-18557, CVE-2018-18661

fixes #9715

CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service
--------------------------------------------------------------------------------------------------------------------

Heap-based buffer overflow in the cpSeparateBufToContigBuf function in
tiffcp.c in LibTIFF 4.0.9 allows remote  
attackers to cause a denial of service (crash) or possibly have
unspecified other impact via a crafted TIFF file.

### References:

http://bugzilla.maptools.org/show\_bug.cgi?id=2798  
https://nvd.nist.gov/vuln/detail/CVE-2018-12900

CVE-2018-18557: Out-of-bounds write in tif\_jbig.c
--------------------------------------------------

LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a
buffer,  
ignoring the buffer size, which leads to a tif\_jbig.c JBIGDecode
out-of-bounds write.

### References:

https://bugs.chromium.org/p/project-zero/issues/detail?id=1697  
https://nvd.nist.gov/vuln/detail/CVE-2018-18557

CVE-2018-18661: tiff2bw tool failed memory allocation leads to crash
--------------------------------------------------------------------

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer
dereference in the function  
LZWDecode in the file tif\_lzw.c.

### References:

http://bugzilla.maptools.org/show\_bug.cgi?id=2819  
https://nvd.nist.gov/vuln/detail/CVE-2018-18661

### Patch:

https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f

*(from redmine: issue id 9715, created on 2018-11-29, closed on 2018-12-07)*

* Relations:
  * parent #9714
* Changesets:
  * Revision 0c504ed6ce49ffab8f4090a5a3ddaeeda27ecbf5 by Natanael Copa on 2018-11-30T11:58:02Z:

```
main/tiff: security upgrade to 4.0.10

CVE-2018-12900, CVE-2018-18557, CVE-2018-18661

fixes #9715
```

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.