SUSE:SLE-12-SP4:GA
File _patchinfo of Package patchinfo.7538
<patchinfo incident="7538">
  <issue tracker="bnc" id="1092949">VUL-1: CVE-2018-10963: tiff: The TIFFWriteDirectorySec() function in tif_dirwrite.c allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file</issue>
  <issue tracker="bnc" id="1074317">VUL-0: CVE-2017-18013: tiff: A Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, could lead to denial of service</issue>
  <issue id="1007276" tracker="bnc">VUL-0: CVE-2016-8331: tiff: FAX IFD Entry Parsing Type Confusion</issue>
  <issue id="1082332" tracker="bnc">VUL-1: CVE-2017-11613: tiff: denial of service in TIFFOpen function</issue>
  <issue id="1082825" tracker="bnc">VUL-0: CVE-2018-7456: tiff: A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013.</issue>
  <issue id="1086408" tracker="bnc">VUL-0: CVE-2018-8905: tiff: A heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.</issue>
  <issue id="974621" tracker="bnc">VUL-1: CVE-2016-3632: tiff: Illegal write in thumbnail / _TIFFVGetField</issue>
  <issue id="2016-3632" tracker="cve" />
  <issue id="2016-8331" tracker="cve" />
  <issue id="2017-11613" tracker="cve" />
  <issue id="2017-13726" tracker="cve" />
  <issue id="2018-7456" tracker="cve" />
  <issue id="2018-8905" tracker="cve" />
  <issue tracker="cve" id="2018-10963"/>
  <issue tracker="cve" id="2017-18013"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>mvetter</packager>
  <description>This update for tiff fixes the following issues:

These security issues were fixed:

- CVE-2017-18013: There was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. (bsc#1074317)
- CVE-2018-10963: The TIFFWriteDirectorySec() function in tif_dirwrite.c allowed remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. (bsc#1092949)
- CVE-2018-7456: Prevent a NULL Pointer dereference in the function TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013 (bsc#1082825)
- CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If the value of td_imagelength is set close to the amount of system memory, it will hang the system or trigger the OOM killer (bsc#1082332)
- CVE-2018-8905: Prevent heap-based buffer overflow in the function LZWDecodeCompat via a crafted TIFF file (bsc#1086408)
- CVE-2016-8331: Prevent remote code execution because of incorrect handling of TIFF images. A crafted TIFF document could have led to a type confusion vulnerability resulting in remote code execution. This vulnerability could have been triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality (bsc#1007276)
- CVE-2016-3632: The _TIFFVGetField function allowed remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image (bsc#974621)
</description>
  <summary>Security update for tiff</summary>
</patchinfo>