
Debian 8: DLA-1411-1 Moderate: TIFF Denial Of Service Threats

debian lts
July 2, 2018
Follow these steps to fix the denial-of-service vulnerabilities in the TIFF library on Debian 8 "Jessie": update the package list, upgrade TIFF, verify, reboot if needed, and monitor updates.
Several issues were discovered in TIFF, the Tag Image File Format library, that allowed remote attackers to cause a denial-of-service or other unspecified impact via a crafted imag...

Summary

CVE-2018-10963: DoS vulnerability
The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF
allows remote attackers to cause a denial of service (assertion
failure and application crash) via a crafted file, a different
vulnerability than CVE-2017-13726.

CVE-2018-5784: DoS vulnerability
In LibTIFF, there is an uncontrolled resource consumption in the
TIFFSetDirectory function of tif_dir.c. Remote attackers could
leverage this vulnerability to cause a denial of service via a
crafted tif file.
This occurs because the declared number of directory entries is not
validated against the actual number of directory entries.
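
The missing validation described for CVE-2018-5784, comparing the declared directory entry count with what the file can actually hold, can also be applied as a pre-screen before a file reaches an unpatched LibTIFF. The Python below is an added example, not LibTIFF's fix or code from the advisory; `check_tiff_directories`, `build_sample` and the `MAX_IFDS` cap are names and values assumed for illustration, and only classic (non-BigTIFF) files are handled.

```python
import struct

ENTRY_SIZE = 12   # classic TIFF directory entry: tag, type, count, value/offset
MAX_IFDS = 1024   # assumed cap for this example, not a LibTIFF constant


def check_tiff_directories(data: bytes) -> list:
    """Walk the IFD chain of a classic TIFF and return the problems found."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        return ["not a TIFF header"]
    endian = "<" if data[:2] == b"II" else ">"
    magic, offset = struct.unpack_from(endian + "HI", data, 2)
    if magic != 42:
        return ["unsupported magic (BigTIFF or not TIFF)"]
    problems, seen = [], set()
    while offset != 0:
        if offset in seen:  # keeps this walker itself from looping forever
            problems.append(f"IFD chain loops back to offset {offset}")
            break
        if len(seen) >= MAX_IFDS:
            problems.append(f"more than {MAX_IFDS} directories")
            break
        seen.add(offset)
        if offset + 2 > len(data):
            problems.append(f"IFD offset {offset} is outside the file")
            break
        (declared,) = struct.unpack_from(endian + "H", data, offset)
        # Entries that really fit between this IFD and end of file,
        # leaving room for the 4-byte next-IFD pointer.
        available = max(0, (len(data) - offset - 2 - 4) // ENTRY_SIZE)
        if declared == 0 or declared > available:
            problems.append(
                f"IFD at {offset} declares {declared} entries, room for {available}")
            break
        (offset,) = struct.unpack_from(endian + "I", data, offset + 2 + declared * ENTRY_SIZE)
    return problems


def build_sample(declared: int, actual: int, next_ifd: int = 0) -> bytes:
    """Constructed test input: one little-endian IFD placed at offset 8."""
    entry = struct.pack("<HHII", 256, 3, 1, 1)  # ImageWidth, SHORT, count 1, value 1
    return (struct.pack("<2sHI", b"II", 42, 8) + struct.pack("<H", declared)
            + entry * actual + struct.pack("<I", next_ifd))


if __name__ == "__main__":
    print(check_tiff_directories(build_sample(1, 1)))    # consistent file
    print(check_tiff_directories(build_sample(500, 1)))  # inflated entry count
```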

CVE-2018-7456: NULL Pointer Dereference
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory
in tif_print.c in LibTIFF when using the tiffinfo tool to print
crafted TIFF information, a different vulnerability than
CVE-2017-18013. (This affects an earlier part of the



Package: tiff
Version: 4.0.3-12.3+deb8u6
CVE ID: CVE-2017-11613 CVE-2018-5784 CVE-2018-7456
Debian Bug: 869823 898348 890441 891288 893806
