SUSE-SU-2018:1472-1 -- SLES tiff, libtiffID: oval:org.secpod.oval:def:89002535 | Date: (C)2021-02-26 (M)2023-12-26 |
Class: PATCH | Family: unix |
This update for tiff fixes the following issues: Security issues fixed: - CVE-2016-5315: The setByteArray function in tif_dir.c allowed remote attackers to cause a denial of service via a crafted tiff image. - CVE-2016-10267: LibTIFF allowed remote attackers to cause a denial of service via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. - CVE-2016-10269: LibTIFF allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TIFF image, related to quot;READ of size 512quot; and libtiff/tif_unix.c:340:2. - CVE-2016-10270: LibTIFF allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TIFF image, related to quot;READ of size 8quot; and libtiff/tif_read.c:523:22. - CVE-2017-18013: In LibTIFF, there was a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. - CVE-2017-7593: tif_read.c did not ensure that tif_rawdata is properly initialized, which might have allowed remote attackers to obtain sensitive information from process memory via a crafted image. - CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c allowed remote attackers to cause a denial of service via a crafted image. - CVE-2017-7596: LibTIFF had an quot;outside the range of representable values of type floatquot; undefined behavior issue, which might have allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image. - CVE-2017-7597: tif_dirread.c had an quot;outside the range of representable values of type floatquot; undefined behavior issue, which might have allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image. - CVE-2017-7599: LibTIFF had an quot;outside the range of representable values of type shortquot; undefined behavior issue, which might have allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image. - CVE-2017-7600: LibTIFF had an quot;outside the range of representable values of type unsigned charquot; undefined behavior issue, which might have allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image. - CVE-2017-7601: LibTIFF had a quot;shift exponent too large for 64-bit type longquot; undefined behavior issue, which might have allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image. - CVE-2017-7602: LibTIFF had a signed integer overflow, which might have allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image. - Multiple divide by zero issues - CVE-2016-5314: Buffer overflow in the PixarLogDecode function in tif_pixarlog.c allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr
Platform: |
SUSE Linux Enterprise Server 11 SP4 |