From ${URL} :

Multiple vulnerabilities have been discovered in several tools distributed along with LibTIFF.

Upstream references:

- CVE-2014-8130 libtiff: Divide By Zero in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2483
- CVE-2014-8127 libtiff: Out-of-bounds Read in the thumbnail tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2484
- CVE-2014-8127 libtiff: Out-of-bounds Read in the tiff2bw tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2485
- CVE-2014-8127 libtiff: Out-of-bounds Read in the tiff2rgba tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2486
- CVE-2014-8129 libtiff: Out-of-bounds Read & Write in the tiff2pdf tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2487
- CVE-2014-8129 libtiff: Out-of-bounds Read & Write in the tiff2pdf tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2488
- CVE-2014-8128 libtiff: Out-of-bounds Write in the thumbnail tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2489
- CVE-2014-8128 libtiff: Out-of-bounds Write in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2490
- CVE-2014-8128 libtiff: Out-of-bounds Write in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2491
- CVE-2014-8128 libtiff: Out-of-bounds Write in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2492
- CVE-2014-8128 libtiff: Out-of-bounds Write in the thumbnail and tiffcmp tools
  http://bugzilla.maptools.org/show_bug.cgi?id=2493
- CVE-2014-8128 libtiff: Out-of-bounds Write in the tiff2pdf tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2495
- CVE-2014-8127 libtiff: Out-of-bounds Read in the tiff2ps and tiffdither tools
  http://bugzilla.maptools.org/show_bug.cgi?id=2496
- CVE-2014-8127 libtiff: Out-of-bounds Read in the tiffmedian tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2497
- CVE-2014-8128 libtiff: Out-of-bounds Write in the thumbnail and tiffcmp tools
  http://bugzilla.maptools.org/show_bug.cgi?id=2499
- CVE-2014-8127 libtiff: Out-of-bounds Read in the tiffset tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2500
- CVE-2014-8128 libtiff: Out-of-bounds Writes in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2501

All the crashes were discovered with the help of afl (http://lcamtuf.coredump.cx/afl/).

Advisories:

- CVE-2014-8127
  http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
- CVE-2014-8128
  http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
- CVE-2014-8129
  http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
- CVE-2014-8130
  http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt

This was tested on Ubuntu 14.04.1 LTS (amd64) LibTIFF 4.0.3-7ubuntu0.1. Last stable LibTIFF source release v4.0.3 is also affected.

Upstream CVS HEAD contains fixes for all bugs except the following:

- CVE-2014-8128 libtiff: Out-of-bounds Write in the thumbnail and tiffcmp tools
  http://bugzilla.maptools.org/show_bug.cgi?id=2499
- CVE-2014-8127 libtiff: Out-of-bounds Read in the tiffset tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2500
- CVE-2014-8128 libtiff: Out-of-bounds Writes in the tiffdither tool
  http://bugzilla.maptools.org/show_bug.cgi?id=2501

Please accept my apologies for the mishandling of this report. I did not conform to the distros list policy regarding embargo time enforcement and I failed to notify oss-security before creating bug reports on public upstream's Bugzilla. Clearly, notifying the distros list before upstream was not the way to go. I take full responsibility for this.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Further CVEs assigned in http://seclists.org/oss-sec/2015/q1/454
The following have been addressed in http://libtiff.maptools.org/v4.0.4beta.html
CVE-2014-{8127,8128,8129}

CVE-2014-9655 addressed in https://abi-laboratory.pro/tracker/changelog/libtiff/4.0.4/log.html

CVE-2014-8130 can no longer be reproduced by upstream http://bugzilla.maptools.org/show_bug.cgi?id=2483

CVE-2015-1547 remains unfixed.
(In reply to Aaron Bauman from comment #2)
> CVE-2015-1547 remains unfixed.

Fixed in 4.0.7, from https://bugzilla.redhat.com/show_bug.cgi?id=1190709#c3:

> Considering above part of patch that fixes CVE-2014-9655 in tif_next.c from
> commit https://github.com/vadz/libtiff/commit/40a5955cbf0df62b1f9e9bd7d9657b0070725d19
> fixes CVE-2015-1547

Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201701-16 at https://security.gentoo.org/glsa/201701-16 by GLSA coordinator Thomas Deutschmann (whissi).