Mageia: 2018-0409 Moderate: LibTIFF Heap Overflow and Remote Exploit

mageia

October 20, 2018

Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file (CVE-2016-5319)

Summary

Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file (CVE-2016-5319).
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c (CVE-2017-17942).
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff (CVE-2018-10779).

References

- https://bugs.mageia.org/show_bug.cgi?id=23142

- https://www.cve.org/CVERecord?id=CVE-2016-5319

- https://www.cve.org/CVERecord?id=CVE-2017-17942

- https://www.cve.org/CVERecord?id=CVE-2018-10779

Topics Covered

security advisory remote exploit software update heap overflow libtiff buffer over-read Mageia

Resolution

SRPMS

- 6/core/libtiff-4.0.9-1.6.mga6

Publication date: 20 Oct 2018

URL: https://advisories.mageia.org/MGASA-2018-0409.html

Type: security

CVE: CVE-2016-5319, CVE-2017-17942, CVE-2018-10779

Topics Covered

security advisory remote exploit software update heap overflow libtiff buffer over-read Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks