Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Debian 8 Jessie: DLA-1680-1 High: Tiff Denial Of Service Advisory

debian lts
Calendar Grey February 18, 2019
Dist Debian Esm H88
Package : tiff Version : 4.0.3-12.3+deb8u8 CVE ID : CVE-2018-17000 CVE-2018-19210 CVE-2019-7663 Brie
Brief introduction CVE-2018-17000

Summary

CVE-2018-17000

A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c
(called from TIFFWriteDirectoryTagTransferfunction) allows an
attacker to cause a denial-of-service through a crafted tiff file. This
vulnerability can be triggered by the executable tiffcp.

CVE-2018-19210

There is a NULL pointer dereference in the TIFFWriteDirectorySec function
in tif_dirwrite.c that will lead to a denial of service attack, as
demonstrated by tiffset.

CVE-2019-7663

An Invalid Address dereference was discovered in
TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c,
affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote
attackers could leverage this vulnerability to cause a denial-of-service
via a crafted tiff file.

We believe this is the same as CVE-2018-17000 (above).

For Debian 8 "Jessie", these problems have been fixed in version
4.0.3-12.3+deb8u8.

We recommend that you upgrade your tiff packages.

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Package: tiff
Version: 4.0.3-12.3+deb8u8
CVE ID: CVE-2018-17000 CVE-2018-19210 CVE-2019-7663

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.