Bug 1033111 - (CVE-2017-7601) VUL-0: CVE-2017-7601: tiff: undefined behavior after "shift exponent too large for 64bit type log" could lead to denial of service
(CVE-2017-7601)
VUL-0: CVE-2017-7601: tiff: undefined behavior after "shift exponent too larg...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/183191/
CVSSv2:SUSE:CVE-2017-7601:2.6:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-10 05:55 UTC by Victor Pereira
Modified: 2019-01-14 08:06 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2017-04-10 05:55:05 UTC
CVE-2017-7601

LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined
behavior issue, which might allow remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted
image.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7601
Comment 1 Swamp Workflow Management 2017-09-26 13:09:25 UTC
SUSE-SU-2017:2569-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1033109,1033111,1033112,1033113,1033118,1033120,1033126,1033127,1033128,1033129,1033131,1038438,1042804,1042805
CVE References: CVE-2016-10371,CVE-2017-7592,CVE-2017-7593,CVE-2017-7594,CVE-2017-7595,CVE-2017-7596,CVE-2017-7597,CVE-2017-7598,CVE-2017-7599,CVE-2017-7600,CVE-2017-7601,CVE-2017-7602,CVE-2017-9403,CVE-2017-9404
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    tiff-4.0.8-44.3.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    tiff-4.0.8-44.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    tiff-4.0.8-44.3.1
SUSE Linux Enterprise Server 12-SP3 (src):    tiff-4.0.8-44.3.1
SUSE Linux Enterprise Server 12-SP2 (src):    tiff-4.0.8-44.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    tiff-4.0.8-44.3.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    tiff-4.0.8-44.3.1
Comment 2 Swamp Workflow Management 2017-10-03 19:07:23 UTC
openSUSE-SU-2017:2635-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1033109,1033111,1033112,1033113,1033118,1033120,1033126,1033127,1033128,1033129,1033131,1038438,1042804,1042805
CVE References: CVE-2016-10371,CVE-2017-7592,CVE-2017-7593,CVE-2017-7594,CVE-2017-7595,CVE-2017-7596,CVE-2017-7597,CVE-2017-7598,CVE-2017-7599,CVE-2017-7600,CVE-2017-7601,CVE-2017-7602,CVE-2017-9403,CVE-2017-9404
Sources used:
openSUSE Leap 42.3 (src):    tiff-4.0.8-21.1
openSUSE Leap 42.2 (src):    tiff-4.0.8-17.6.1
Comment 4 Petr Gajdos 2018-05-16 11:37:57 UTC
BEFORE

12/tiff

$ tiffcp -i 00119-libtiff-shift-long-tif_jpeg /tmp/foo          
00119-libtiff-shift-long-tif_jpeg: This is a BigTIFF file.  This format not supported
by this version of libtiff..
$
[testcase does not work]


PATCH

see comment 3

12/tiff: the fix is already in
11/tiff: needs to be fixed, will fix together with bug 1033127 (CVE-2017-7595)



AFTER

11/tiff

$ tiffcp -i 00119-libtiff-shift-long-tif_jpeg /tmp/foo          
00119-libtiff-shift-long-tif_jpeg: This is a BigTIFF file.  This format not supported
by this version of libtiff..
$
[no change]
Comment 5 Petr Gajdos 2018-05-18 11:09:08 UTC
Packages submitted:
12/tiff:    165341
11/tiff:    165349
10sp3/tiff: 165350

@Michael, after you review these requests and after you accept and resubmit packages in case everything's ok, I think you can reassign this bug to security-team@.
Comment 6 Michael Vetter 2018-05-22 09:25:45 UTC
Thanks a lot Petr! All perfect.

SR#165480 to SLE12.
SR#165482 to SLE11.
SR#165483 to SLE10.
Comment 8 Swamp Workflow Management 2018-05-30 09:05:05 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-06-13.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64044
Comment 9 Swamp Workflow Management 2018-05-30 13:14:29 UTC
SUSE-SU-2018:1472-1: An update that solves 14 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1017694,1031250,1031254,1033109,1033111,1033112,1033113,1033120,1033126,1033127,1033129,1074317,984808,984809,984831,987351
CVE References: CVE-2016-10267,CVE-2016-10269,CVE-2016-10270,CVE-2016-5314,CVE-2016-5315,CVE-2017-18013,CVE-2017-7593,CVE-2017-7595,CVE-2017-7596,CVE-2017-7597,CVE-2017-7599,CVE-2017-7600,CVE-2017-7601,CVE-2017-7602
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    tiff-3.8.2-141.169.6.1
SUSE Linux Enterprise Server 11-SP4 (src):    tiff-3.8.2-141.169.6.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    tiff-3.8.2-141.169.6.1
Comment 10 Marcus Meissner 2019-01-14 08:06:55 UTC
done