libtiff-3.9.4-10.AXS4

Errata ID: AXSA:2014-199:01

Release date: 
Monday, April 7, 2014 - 18:29
Subject: 
libtiff-3.9.4-10.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF format image files.

Security issues fixed with this release:

• CVE-2010-2596
The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and 3.9.2, as used in tiff2ps, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF image, related to "downsampled OJPEG input."

• CVE-2013-1960
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.

• CVE-2013-1961
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.

• CVE-2013-4231
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.

• CVE-2013-4232
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.

• CVE-2013-4243
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted height and width values in a GIF image.

• CVE-2013-4244
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libtiff-3.9.4-10.AXS4.src.rpm
    MD5: efa295f1fe0761d9a506a8fa8bd25614
    SHA-256: 1a43ce918f1945c94dfec82ab2aaf7604ba477872caa201eb8dfe580a908c1ba
    Size: 1.41 MB

Asianux Server 4 for x86
  1. libtiff-3.9.4-10.AXS4.i686.rpm
    MD5: 6083816b07ea62b925d85a736a48a4df
    SHA-256: 5d730a3475b9eda9da36a52558addf2ad65ed2dd17dc6018a171c6cb769c5b5d
    Size: 338.48 kB
  2. libtiff-devel-3.9.4-10.AXS4.i686.rpm
    MD5: 655ab283087649f2930b7377a3422896
    SHA-256: 5d228e93272eb61b0499527337c433af328e66249a104b653e51bf5470bf4fdb
    Size: 467.99 kB

Asianux Server 4 for x86_64
  1. libtiff-3.9.4-10.AXS4.x86_64.rpm
    MD5: 44161f7138062cbaf1b548b0a47d37e0
    SHA-256: b89fd9caefc1d8bc611fd0607cc7c03d2260d5bd7a814f1b07624042318f5a49
    Size: 341.70 kB
  2. libtiff-devel-3.9.4-10.AXS4.x86_64.rpm
    MD5: 9b58257a46a27572c97cc02060cd0467
    SHA-256: 9552b7e1d5418e4be3df343e58c5ada439e1195a167f4aaa6497de5ceabf802c
    Size: 467.57 kB
  3. libtiff-3.9.4-10.AXS4.i686.rpm
    MD5: 6083816b07ea62b925d85a736a48a4df
    SHA-256: 5d730a3475b9eda9da36a52558addf2ad65ed2dd17dc6018a171c6cb769c5b5d
    Size: 338.48 kB
  4. libtiff-devel-3.9.4-10.AXS4.i686.rpm
    MD5: 655ab283087649f2930b7377a3422896
    SHA-256: 5d228e93272eb61b0499527337c433af328e66249a104b653e51bf5470bf4fdb
    Size: 467.99 kB