Bug 634784 (CVE-2017-9117, CVE-2017-9147, CVE-2017-9815)

Summary:	<media-libs/tiff-4.0.8: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	graphics+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [glsa? cve]
Package list:		Runtime testing required:	---
Bug Depends on:	618610
Bug Blocks:

Description GLSAMaker/CVETool Bot gentoo-dev

2017-10-19 15:51:30 UTC

CVE-2017-9815 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9815):
  In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in
  libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers
  to cause a denial of service (memory leak within the function _TIFFmalloc in
  tif_unix.c) via a crafted file.

CVE-2017-9404 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9404):
  In LibTIFF 4.0.7, a memory leak vulnerability was found in the function
  OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to
  cause a denial of service via a crafted file.

CVE-2017-9147 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9147):
  LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in
  tif_dir.c, which might allow remote attackers to cause a denial of service
  (crash) via a crafted TIFF file.

CVE-2017-9117 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9117):
  In LibTIFF 4.0.7, the program processes BMP images without verifying that
  biWidth and biHeight in the bitmap-information header match the actual
  input, leading to a heap-based buffer over-read in bmp2tiff.


@Maintainers LibTIFF 4.0.7 is vulnerable to multiple DoS vulnerabilites. Could you please call for 4.0.8 stabilization?

Comment 1 SpanKY gentoo-dev

2018-01-26 03:31:10 UTC

tiff-4.0.8 was stabilized via bug 618610