Bug 1031255 - (CVE-2016-10268) VUL-0: CVE-2016-10268: tiff: tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underf...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Major
Assigned To: Security Team bot
https://smash.suse.de/issue/182279/
CVSSv2:NVD:CVE-2016-10268:6.8:(AV:N/A...
Reported: 2017-03-28 07:25 UTC by Victor Pereira
Modified: 2018-11-30 14:16 UTC (History)

Found By: Security Response Team
Description Victor Pereira 2017-03-28 07:25:15 UTC
CVE-2016-10268

tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
service (integer underflow and heap-based buffer under-read) or possibly have
unspecified other impact via a crafted TIFF image, related to "READ of size
78490" and libtiff/tif_unix.c:115:23.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10268
http://seclists.org/oss-sec/2017/q1/680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10268
https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
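
The bug class named in the description (an unsigned integer underflow feeding a buffer size), modelled in C as an added example; this is not LibTIFF code or the upstream patch. The function names, parameters and header values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked form: every operand is uint32_t, so when row has already
 * passed imagelength the subtraction wraps to a value near 2^32
 * instead of going negative. */
static uint64_t strip_bytes_unchecked(uint32_t row, uint32_t rowsperstrip,
                                      uint32_t imagelength, uint32_t scanline)
{
    uint32_t rows = (row + rowsperstrip > imagelength)
                        ? imagelength - row /* wraps if row > imagelength */
                        : rowsperstrip;
    return (uint64_t)rows * scanline;
}

/* Checked form: refuses a strip that starts at or past the last row, and
 * refuses a size larger than the destination buffer. Returns 0 on success. */
static int strip_bytes_checked(uint32_t row, uint32_t rowsperstrip,
                               uint32_t imagelength, uint32_t scanline,
                               size_t bufsize, size_t *out)
{
    if (rowsperstrip == 0 || row >= imagelength)
        return -1;
    uint32_t remaining = imagelength - row; /* safe: row < imagelength */
    uint32_t rows = remaining < rowsperstrip ? remaining : rowsperstrip;
    uint64_t bytes = (uint64_t)rows * scanline;
    if (bytes > bufsize)
        return -1;
    *out = (size_t)bytes;
    return 0;
}

/* Walk the strips a file claims to have and count how many pass the checks. */
static uint32_t count_safe_strips(uint32_t nstrips, uint32_t rowsperstrip,
                                  uint32_t imagelength, uint32_t scanline,
                                  size_t bufsize)
{
    uint32_t row = 0, ok = 0;
    for (uint32_t s = 0; s < nstrips; s++) {
        size_t n;
        if (strip_bytes_checked(row, rowsperstrip, imagelength, scanline,
                                bufsize, &n) != 0)
            break;
        ok++;
        /* Advance without letting row itself wrap. */
        row = (rowsperstrip > imagelength - row) ? imagelength
                                                 : row + rowsperstrip;
    }
    return ok;
}

int main(void)
{
    /* Constructed header values: 20 rows, 8 rows per strip, 100-byte
     * scanlines, but the file claims 30 strips. */
    printf("unchecked, strip at row 24: %llu bytes\n",
           (unsigned long long)strip_bytes_unchecked(24, 8, 20, 100));
    printf("strips accepted by checked loop: %u\n",
           count_safe_strips(30, 8, 20, 100, 800));
    return 0;
}
```

The checked loop stops as soon as the claimed strip count outruns the image height, so no wrapped size ever reaches a read or write call.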
Comment 1 Swamp Workflow Management 2017-04-18 13:13:47 UTC
SUSE-SU-2017:1044-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1031247,1031249,1031250,1031254,1031255,1031262,1031263
CVE References: CVE-2016-10266,CVE-2016-10267,CVE-2016-10268,CVE-2016-10269,CVE-2016-10270,CVE-2016-10271,CVE-2016-10272
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Server 12-SP2 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Server 12-SP1 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    tiff-4.0.7-43.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    tiff-4.0.7-43.1
Comment 2 Swamp Workflow Management 2017-04-26 16:12:38 UTC
openSUSE-SU-2017:1108-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 1031247,1031249,1031250,1031254,1031255,1031262,1031263
CVE References: CVE-2016-10266,CVE-2016-10267,CVE-2016-10268,CVE-2016-10269,CVE-2016-10270,CVE-2016-10271,CVE-2016-10272
Sources used:
openSUSE Leap 42.2 (src):    tiff-4.0.7-17.3.1
openSUSE Leap 42.1 (src):    tiff-4.0.7-18.1
Comment 3 Michael Vetter 2018-01-22 14:33:36 UTC
Is this one already fixed?
Comment 4 Petr Gajdos 2018-04-25 14:20:27 UTC
Reproducer can be found at:
https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/

12/tiff

$ valgrind -q tiffcp -i 00068-libtiff-heapoverflow-_tiffWriteProc /dev/null
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 64257 (0xfb01) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 30 (0x1e) encountered.
TIFFFetchNormalTag: Warning, Sanity check on size of "DocumentName" value failed; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageName"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 30"; tag ignored.
TIFFFetchNormalTag: Warning, incorrect count for field "PageNumber", expected 2, got 4456450.
TIFFFillStrip: Read error on strip 0; got 18446744069422907876 bytes, expected 8033.
TIFFFillStrip: Read error on strip 1; got 18446744069422899843 bytes, expected 8033.
TIFFFillStrip: Read error on strip 2; got 18446744069422891810 bytes, expected 8033.
TIFFFillStrip: Read error on strip 3; got 18446744069422883777 bytes, expected 8033.
TIFFFillStrip: Read error on strip 4; got 18446744069422875744 bytes, expected 8033.
TIFFFillStrip: Read error on strip 5; got 18446744069422867711 bytes, expected 8033.
TIFFFillStrip: Read error on strip 6; got 18446744069422859678 bytes, expected 8033.
TIFFFillStrip: Read error on strip 7; got 18446744069422851645 bytes, expected 8033.
TIFFFillStrip: Read error on strip 8; got 18446744069422843612 bytes, expected 8033.
TIFFFillStrip: Read error on strip 9; got 18446744069422835579 bytes, expected 8033.
TIFFFillStrip: Read error on strip 10; got 18446744069422827546 bytes, expected 8033.
TIFFFillStrip: Read error on strip 11; got 18446744069422819513 bytes, expected 8033.
TIFFFillStrip: Read error on strip 12; got 18446744069422811480 bytes, expected 8033.
TIFFFillStrip: Read error on strip 13; got 18446744069422803447 bytes, expected 8033.
TIFFFillStrip: Read error on strip 14; got 18446744069422795414 bytes, expected 8033.
TIFFFillStrip: Read error on strip 15; got 18446744069422787381 bytes, expected 8033.
TIFFFillStrip: Read error on strip 16; got 18446744069422779348 bytes, expected 8033.
TIFFFillStrip: Read error on strip 17; got 18446744069422771315 bytes, expected 8033.
TIFFFillStrip: Read error on strip 18; got 18446744069422763282 bytes, expected 8033.
TIFFFillStrip: Read error on strip 19; got 18446744069422755249 bytes, expected 8033.
TIFFFillStrip: Read error on strip 20; got 18446744069422747216 bytes, expected 8033.
TIFFFillStrip: Read error on strip 21; got 18446744069422739183 bytes, expected 8033.
TIFFFillStrip: Read error on strip 22; got 18446744069422731150 bytes, expected 8033.
TIFFFillStrip: Read error on strip 23; got 18446744069422723117 bytes, expected 8033.
TIFFFillStrip: Read error on strip 24; got 18446744069422715084 bytes, expected 8033.
TIFFFillStrip: Read error on strip 25; got 18446744069422707051 bytes, expected 8033.
TIFFFillStrip: Read error on strip 26; got 18446744069422699018 bytes, expected 8033.
TIFFFillStrip: Read error on strip 27; got 18446744069422690985 bytes, expected 8033.
TIFFFillStrip: Read error on strip 28; got 18446744069422682952 bytes, expected 8033.
TIFFFillStrip: Read error on strip 29; got 18446744069422674919 bytes, expected 8033.
TIFFWriteDirectoryTagData: IO error writing tag data.
TIFFWriteDirectoryTagData: IO error writing tag data.
$
[no issue observed]

11/tiff

$ valgrind -q tiffcp -i 00068-libtiff-heapoverflow-_tiffWriteProc /dev/null
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: wrong data type 5 for "PageName"; tag ignored.
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: unknown field with tag 64257 (0xfb01) encountered.
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: unknown field with tag 30 (0x1e) encountered.
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: wrong data type 305 for "PageNumber"; tag ignored.
00068-libtiff-heapoverflow-_tiffWriteProc: No space to fetch tag value.
00068-libtiff-heapoverflow-_tiffWriteProc: Warning, incorrect count for field "StripOffsets" (1, expecting 32); tag ignored.
00068-libtiff-heapoverflow-_tiffWriteProc: Warning, incorrect count for field "StripByteCounts" (1, expecting 32); tag ignored.
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: Wrong "StripByteCounts" field, ignoring and calculating from imagelength.
==25576== Conditional jump or move depends on uninitialised value(s)
==25576==    at 0x402EF6: main (tiffcp.c:580)
==25576== 
==25576== Conditional jump or move depends on uninitialised value(s)
==25576==    at 0x403465: main (tiffcp.c:660)
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 0; got 18446744069422907876 bytes, expected 16387320.
==25576== 
==25576== Syscall param write(buf) points to uninitialised byte(s)
==25576==    at 0x57DCF30: write (in /lib64/libc-2.9.so)
==25576==    by 0x4E5DEAB: _tiffWriteProc (tif_unix.c:64)
==25576==    by 0x4E5E1C9: TIFFAppendToStrip (tif_write.c:680)
==25576==    by 0x4E5E3B2: TIFFFlushData1 (tif_write.c:703)
==25576==    by 0x4E3D5A7: DumpModeEncode (tif_dumpmode.c:60)
==25576==    by 0x4E5F030: TIFFWriteEncodedStrip (tif_write.c:245)
==25576==    by 0x4021E1: cpDecodedStrips (tiffcp.c:910)
==25576==    by 0x40337E: main (tiffcp.c:733)
==25576==  Address 0x6e21030 is 0 bytes inside a block of size 16,451,584 alloc'd
==25576==    at 0x4C256AE: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==25576==    by 0x4E5E4E0: TIFFWriteBufferSetup (tif_write.c:571)
==25576==    by 0x4E5F076: TIFFWriteEncodedStrip (tif_write.c:215)
==25576==    by 0x4021E1: cpDecodedStrips (tiffcp.c:910)
==25576==    by 0x40337E: main (tiffcp.c:733)
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 1; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 2; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 3; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 4; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 5; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 6; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 7; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 8; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 9; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 10; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 11; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 12; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 13; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 14; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 15; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 16; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 17; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 18; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 19; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 20; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 21; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 22; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 23; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 24; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 25; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 26; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 27; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 28; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 29; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 30; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 31; got 236 bytes, expected 16387320.
==25576== 
==25576== Syscall param write(buf) points to uninitialised byte(s)
==25576==    at 0x57DCF30: write (in /lib64/libc-2.9.so)
==25576==    by 0x4E5DEAB: _tiffWriteProc (tif_unix.c:64)
==25576==    by 0x4E5E1C9: TIFFAppendToStrip (tif_write.c:680)
==25576==    by 0x4E5F118: TIFFWriteEncodedStrip (tif_write.c:252)
==25576==    by 0x4021E1: cpDecodedStrips (tiffcp.c:910)
==25576==    by 0x40337E: main (tiffcp.c:733)
==25576==  Address 0x6e21030 is 0 bytes inside a block of size 16,451,584 alloc'd
==25576==    at 0x4C256AE: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==25576==    by 0x4E5E4E0: TIFFWriteBufferSetup (tif_write.c:571)
==25576==    by 0x4E5F076: TIFFWriteEncodedStrip (tif_write.c:215)
==25576==    by 0x4021E1: cpDecodedStrips (tiffcp.c:910)
==25576==    by 0x40337E: main (tiffcp.c:733)
/dev/null: Error writing data for field "StripOffsets".
$
[does not report invalid reads/writes]


PATCH

in comment 0

12/ImageMagick: have the fix already in
11/ImageMagick: affected


AFTER

11/ImageMagick:

$ valgrind -q tiffcp -i 00068-libtiff-heapoverflow-_tiffWriteProc /dev/null
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: wrong data type 5 for "PageName"; tag ignored.
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: unknown field with tag 64257 (0xfb01) encountered.
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: unknown field with tag 30 (0x1e) encountered.
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: wrong data type 305 for "PageNumber"; tag ignored.
00068-libtiff-heapoverflow-_tiffWriteProc: No space to fetch tag value.
00068-libtiff-heapoverflow-_tiffWriteProc: Warning, incorrect count for field "StripOffsets" (1, expecting 32); tag ignored.
00068-libtiff-heapoverflow-_tiffWriteProc: Warning, incorrect count for field "StripByteCounts" (1, expecting 32); tag ignored.
TIFFReadDirectory: Warning, 00068-libtiff-heapoverflow-_tiffWriteProc: Wrong "StripByteCounts" field, ignoring and calculating from imagelength.
==9455== Conditional jump or move depends on uninitialised value(s)
==9455==    at 0x402EF6: main (tiffcp.c:580)
==9455== 
==9455== Conditional jump or move depends on uninitialised value(s)
==9455==    at 0x403465: main (tiffcp.c:660)
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 0; got 18446744069422907876 bytes, expected 16387320.
==9455== 
==9455== Syscall param write(buf) points to uninitialised byte(s)
==9455==    at 0x57DCF30: write (in /lib64/libc-2.9.so)
==9455==    by 0x4E5DEAB: _tiffWriteProc (tif_unix.c:64)
==9455==    by 0x4E5E1C9: TIFFAppendToStrip (tif_write.c:680)
==9455==    by 0x4E5E3B2: TIFFFlushData1 (tif_write.c:703)
==9455==    by 0x4E3D5A7: DumpModeEncode (tif_dumpmode.c:60)
==9455==    by 0x4E5F030: TIFFWriteEncodedStrip (tif_write.c:245)
==9455==    by 0x402214: cpDecodedStrips (tiffcp.c:910)
==9455==    by 0x40337E: main (tiffcp.c:733)
==9455==  Address 0x6e21030 is 0 bytes inside a block of size 16,451,584 alloc'd
==9455==    at 0x4C256AE: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==9455==    by 0x4E5E4E0: TIFFWriteBufferSetup (tif_write.c:571)
==9455==    by 0x4E5F076: TIFFWriteEncodedStrip (tif_write.c:215)
==9455==    by 0x402214: cpDecodedStrips (tiffcp.c:910)
==9455==    by 0x40337E: main (tiffcp.c:733)
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 1; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 2; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 3; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 4; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 5; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 6; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 7; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 8; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 9; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 10; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 11; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 12; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 13; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 14; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 15; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 16; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 17; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 18; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 19; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 20; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 21; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 22; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 23; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 24; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 25; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 26; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 27; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 28; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 29; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 30; got 236 bytes, expected 16387320.
TIFFFillStrip: 00068-libtiff-heapoverflow-_tiffWriteProc: Read error on strip 31; got 236 bytes, expected 16387320.
==9455== 
==9455== Syscall param write(buf) points to uninitialised byte(s)
==9455==    at 0x57DCF30: write (in /lib64/libc-2.9.so)
==9455==    by 0x4E5DEAB: _tiffWriteProc (tif_unix.c:64)
==9455==    by 0x4E5E1C9: TIFFAppendToStrip (tif_write.c:680)
==9455==    by 0x4E5F118: TIFFWriteEncodedStrip (tif_write.c:252)
==9455==    by 0x402214: cpDecodedStrips (tiffcp.c:910)
==9455==    by 0x40337E: main (tiffcp.c:733)
==9455==  Address 0x6e21030 is 0 bytes inside a block of size 16,451,584 alloc'd
==9455==    at 0x4C256AE: malloc (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==9455==    by 0x4E5E4E0: TIFFWriteBufferSetup (tif_write.c:571)
==9455==    by 0x4E5F076: TIFFWriteEncodedStrip (tif_write.c:215)
==9455==    by 0x402214: cpDecodedStrips (tiffcp.c:910)
==9455==    by 0x40337E: main (tiffcp.c:733)
/dev/null: Error writing data for field "StripOffsets".
$
[no change]
Comment 5 Petr Gajdos 2018-04-25 14:21:00 UTC
Will submit for: 11/tiff and 10sp3/tiff
Comment 6 Petr Gajdos 2018-04-25 14:25:42 UTC
Michael please, see sr#162922 and sr#162923.
Comment 7 Michael Vetter 2018-05-07 13:27:54 UTC
SR#164509 SLE-10-SP3
SR#164510 SLE-11
Comment 9 Swamp Workflow Management 2018-05-09 16:14:08 UTC
SUSE-SU-2018:1179-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1007280,1011107,1011845,1017688,1017690,1017691,1017692,1031255,1046077,1048937,1074318,960341,983436
CVE References: CVE-2015-7554,CVE-2016-10095,CVE-2016-10268,CVE-2016-3945,CVE-2016-5318,CVE-2016-5652,CVE-2016-9453,CVE-2016-9536,CVE-2017-11335,CVE-2017-17973,CVE-2017-9935
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    tiff-3.8.2-141.169.3.1
SUSE Linux Enterprise Server 11-SP4 (src):    tiff-3.8.2-141.169.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    tiff-3.8.2-141.169.3.1
Comment 10 Swamp Workflow Management 2018-05-11 15:26:01 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2018-05-18.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64038
Comment 11 Marcus Meissner 2018-11-30 14:16:11 UTC
released