libtiff-4.0.3-25.el7
Errata ID: AXSA:2016-598:01
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.
The libtiff package should be installed if you need to manipulate TIFF
format image files.
Security issues fixed with this release:
CVE-2014-8127
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2014-8129
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2014-8130
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2014-9330
Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows
remote attackers to cause a denial of service (crash) via crafted BMP
image, related to dimensions, which triggers an out-of-bounds read.
CVE-2014-9655
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2)
NeXTDecode function in tif_next.c in LibTIFF allows remote attackers
to cause a denial of service (uninitialized memory access) via a
crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and
libtiff-cvs-2.tif.
CVE-2015-1547
The NeXTDecode function in tif_next.c in LibTIFF allows remote
attackers to cause a denial of service (uninitialized memory access)
via a crafted TIFF image, as demonstrated by libtiff5.tif.
CVE-2015-7554
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows
attackers to cause a denial of service (invalid memory write and
crash) or possibly have unspecified other impact via crafted field
data in an extension tag in a TIFF image.
CVE-2015-8665
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a
denial of service (out-of-bounds read) via the SamplesPerPixel tag in
a TIFF image.
CVE-2015-8668
Heap-based buffer overflow in the PackBitsPreEncode function in
tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote
attackers to execute arbitrary code or cause a denial of service via a
large width field in a BMP image.
CVE-2015-8683
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6
allows remote attackers to cause a denial of service (out-of-bounds
read) via a packed TIFF image.
CVE-2015-8781
tif_luv.c in libtiff allows attackers to cause a denial of service
(out-of-bounds write) via an invalid number of samples per pixel in a
LogL compressed TIFF image, a different vulnerability than
CVE-2015-8782.
CVE-2015-8782
tif_luv.c in libtiff allows attackers to cause a denial of service
(out-of-bounds writes) via a crafted TIFF image, a different
vulnerability than CVE-2015-8781.
CVE-2015-8783
tif_luv.c in libtiff allows attackers to cause a denial of service
(out-of-bounds reads) via a crafted TIFF image.
CVE-2015-8784
The NeXTDecode function in tif_next.c in LibTIFF allows remote
attackers to cause a denial of service (out-of-bounds write) via a
crafted TIFF image, as demonstrated by libtiff5.tif.
CVE-2016-3632
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-3945
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-3990
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-3991
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-5320
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Update packages.
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
SRPMS
- libtiff-4.0.3-25.el7.src.rpm
MD5: e8aa4c129abeb52e31a27739d04643ca
SHA-256: dff731455502beb0aaa5ad386049371f2d625f8eda9cd636b73f4c85f5adbe24
Size: 2.00 MB
Asianux Server 7 for x86_64
- libtiff-4.0.3-25.el7.x86_64.rpm
MD5: 4bd3e83e10067ce63b33cec9a4d2a9dd
SHA-256: 4a2b5b0c27936543b10fc4c5785162282c4c558da21d5949a36619377894d476
Size: 168.47 kB
- libtiff-devel-4.0.3-25.el7.x86_64.rpm
MD5: 11820f2f7a5dfd2d0dba81682c51c485
SHA-256: 4b93b37bf29bf3b8b8108a7ce08fc01c23a6d3342d0dc2680809bba81d963ea6
Size: 471.52 kB
- libtiff-4.0.3-25.el7.i686.rpm
MD5: cb2ae5dcfe7f045f86996ebecd61d360
SHA-256: b92ea09bfc24e24b0d585d0a85b36f2505a5f6bc26b2e6a404473699bc235e25
Size: 171.00 kB
- libtiff-devel-4.0.3-25.el7.i686.rpm
MD5: 24354996a25fdc7efbaf61462702b74f
SHA-256: 1bacc8de7ee89d5f27aa7f9cf8aedecc7302ea6a4f4283c853e006b7c9c998fc
Size: 471.55 kB