Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

SUSE: 2018:3879-1 Moderate: tiff DoS Buffer Overflow Fixes

suse
Calendar Grey November 23, 2018
Dist Suse Esm H88
The recent update for TIFF addresses several concerns, notably the buffer overflow and Denial of Service (DoS) vulnerabilities categorized as moderately severe.
An update that fixes 11 vulnerabilities is now available

Summary

This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c (bsc#1113672). - CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf (bsc#1099257). - CVE-2017-9147: Fixed invalid read in the _TIFFVGetField function in tif_dir.c, that allowed remote attackers to cause a DoS via acrafted TIFF file (bsc#1040322). - CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values (bsc#1040080). - CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS (bsc#1074186). - CVE-2016-9273: Fixed heap-based buffer overflow issue (bsc#1010163).

References

#1010163 #1014461 #1040080 #1040322 #1074186

#1099257 #1113672 #974446 #974447 #974448

#983440

Cross- CVE-2015-8870 CVE-2016-3619 CVE-2016-3620

CVE-2016-3621 CVE-2016-5319 CVE-2016-9273

CVE-2017-17942 CVE-2017-9117 CVE-2017-9147

CVE-2018-12900 CVE-2018-18661

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2015-8870.html

https://www.suse.com/security/cve/CVE-2016-3619.html

https://www.suse.com/security/cve/CVE-2016-3620.html

https://www.suse.com/security/cve/CVE-2016-3621.html

https://www.suse.com/security/cve/CVE-2016-5319.html

https://www.suse.com/security/cve/CVE-2016-9273.html

Announcement ID: SUSE-SU-2018:3879-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.