|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2017-7598: tiff: tif_dirread.c might allow remote attackers to cause a denial of service | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Victor Pereira <vpereira> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | mvetter, pgajdos, smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/183188/ | ||
| Whiteboard: | CVSSv2:NVD:CVE-2017-7598:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3:NVD:CVE-2017-7598:7.8:(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2017-7598:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVSSv2:SUSE:CVE-2017-7598:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3:RedHat:CVE-2017-7598:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Victor Pereira
2017-04-10 06:15:26 UTC
SUSE-SU-2017:2569-1: An update that fixes 14 vulnerabilities is now available. Category: security (moderate) Bug References: 1033109,1033111,1033112,1033113,1033118,1033120,1033126,1033127,1033128,1033129,1033131,1038438,1042804,1042805 CVE References: CVE-2016-10371,CVE-2017-7592,CVE-2017-7593,CVE-2017-7594,CVE-2017-7595,CVE-2017-7596,CVE-2017-7597,CVE-2017-7598,CVE-2017-7599,CVE-2017-7600,CVE-2017-7601,CVE-2017-7602,CVE-2017-9403,CVE-2017-9404 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): tiff-4.0.8-44.3.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): tiff-4.0.8-44.3.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): tiff-4.0.8-44.3.1 SUSE Linux Enterprise Server 12-SP3 (src): tiff-4.0.8-44.3.1 SUSE Linux Enterprise Server 12-SP2 (src): tiff-4.0.8-44.3.1 SUSE Linux Enterprise Desktop 12-SP3 (src): tiff-4.0.8-44.3.1 SUSE Linux Enterprise Desktop 12-SP2 (src): tiff-4.0.8-44.3.1 openSUSE-SU-2017:2635-1: An update that fixes 14 vulnerabilities is now available. Category: security (moderate) Bug References: 1033109,1033111,1033112,1033113,1033118,1033120,1033126,1033127,1033128,1033129,1033131,1038438,1042804,1042805 CVE References: CVE-2016-10371,CVE-2017-7592,CVE-2017-7593,CVE-2017-7594,CVE-2017-7595,CVE-2017-7596,CVE-2017-7597,CVE-2017-7598,CVE-2017-7599,CVE-2017-7600,CVE-2017-7601,CVE-2017-7602,CVE-2017-9403,CVE-2017-9404 Sources used: openSUSE Leap 42.3 (src): tiff-4.0.8-21.1 openSUSE Leap 42.2 (src): tiff-4.0.8-17.6.1 http://bugzilla.maptools.org/show_bug.cgi?id=2644 https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8 BEFORE 12/tiff $ tiffcp -i 00115-libtiff-fpe-tif_dirread /tmp/foo TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order. TIFFFetchNormalTag: Warning, Sanity check on size of "DocumentName" value failed; tag ignored. TIFFReadDirectory: Warning, BitsPerSample tag is missing, assuming 8 bits per sample. OJPEGSetupDecode: Warning, Depreciated and troublesome old-style JPEG compression mode, please convert to new-style JPEG compression and notify vendor of writing software. OJPEGSetupEncode: OJPEG encoding not supported; use new-style JPEG compression instead. /tmp/foo: Error, can't write scanline 0. TIFFWriteDirectoryTagCheckedRational: Not-a-number value is illegal. $ 11/tiff $ tiffcp -i 00115-libtiff-fpe-tif_dirread /tmp/foo 00115-libtiff-fpe-tif_dirread: This is a BigTIFF file. This format not supported by this version of libtiff.. $ [testcase cannot be used] PATCH comment 3 12/tiff: fix already in via version update 11,10sp3/tiff: no code found |