FS#54842 - [libtiff] [lib32-libtiff] [Security] arbitrary code execution (CVE-2016-10095 CVE-2015-7554)

Attached to Project: Arch Linux
Opened by Pablo Lezaeta (Jristz) - Sunday, 16 July 2017, 22:58 GMT
Last edited by Antonio Rojas (arojas) - Monday, 17 July 2017, 07:31 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: Eric Belanger (Snowman), Antonio Rojas (arojas)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Summary
=======

The packages libtiff and lib32-libtiff are vulnerable to arbitrary code execution via CVE-2016-10095 and CVE-2015-7554.

Guidance
========

CVE-2015-7554: An invalid memory write flaw was found in libtiff in the way it parsed certain extension tags when reading TIFF format files. A remote attacker could use this flaw to crash or even execute arbitrary code with the permission of the user running such an application compiled against libtiff.
CVE-2016-10095: A stack-based buffer overflow vulnerability was found in libtiff when running tiffsplit on a crafted TIFF file.

For CVE-2015-7554, the Debian bug tracker claims it is fixed in 4.0.8-2, therefore maybe it needs a patch for both packages.
For CVE-2016-10095, apparently the same 4.0.8-2 fixes the problem.

Yet there is CVE-2017-9935, not fixed in 4.0.8-2, but it should be in upstream 4.0.9 or by Debian, whichever is the first to serve it.

References
==========

https://security.archlinux.org/AVG-5
http://seclists.org/oss-sec/2017/q1/10
https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/
http://seclists.org/oss-sec/2015/q4/590
http://bugzilla.maptools.org/show_bug.cgi?id=2564
This task depends upon

Closed by Antonio Rojas (arojas)
Monday, 17 July 2017, 07:31 GMT
Reason for closing: Fixed
Additional comments about closing: libtiff 4.0.8-2, lib32-libtiff 4.0.8-1
