First Last Prev Next    This bug is not in your last search results.
Bug 1110358 - (CVE-2018-17795) VUL-0: CVE-2018-17795: tiff: The function t2p_write_pdf allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact
(CVE-2018-17795)
VUL-0: CVE-2018-17795: tiff: The function t2p_write_pdf allows remote attacke...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/215982/
CVSSv3:SUSE:CVE-2018-17795:7.8:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-01 15:39 UTC by Johannes Segitz
Modified: 2018-10-31 15:39 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Reproducer (3.76 KB, image/tiff)
2018-10-01 15:39 UTC, Johannes Segitz 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2018-10-01 15:39:44 UTC 
Created attachment 784814 [details]
Reproducer

CVE-2018-17795

The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.

tiff2pdf POC -o /tmp/foo

all codestreams affected. poc doesn't trigger without ASAN

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17795
http://www.cvedetails.com/cve/CVE-2018-17795/
Comment 1 Petr Gajdos 2018-10-17 11:39:41 UTC 
Upstream bug
http://bugzilla.maptools.org/show_bug.cgi?id=2816

That seems none can reproduce the issue. Why do you think our code streams are affected?
Comment 2 Petr Gajdos 2018-10-17 11:58:33 UTC 
They reported against 4.0.1 and might be this is already fixed in 4.0.9.

I do not see any valgrind error in 11,15,TW,GIT/tiff.
Comment 3 Petr Gajdos 2018-10-17 12:01:55 UTC 
Also note: tiff2pdf.c is updated to 4.0.9 version in 10sp3,11/tiff.
Comment 5 Petr Gajdos 2018-10-18 11:57:49 UTC 
http://bugzilla.maptools.org/show_bug.cgi?id=2816#c10

Closing as duplicate of bug 1046077.
Comment 6 Petr Gajdos 2018-10-18 11:58:24 UTC 
Now really close.

*** This bug has been marked as a duplicate of bug 1046077 ***
Comment 7 Petr Gajdos 2018-10-19 06:48:10 UTC 
Reopen.

The reporter in the upstream bug ensured the testcase for this bug shows slightly different issue than CVE-2017-9935. However confirms, that the issue is fixed also by fix for CVE-2017-9935.

Therefore, I will mention CVE-2018-17795 in rpm changelogs.
Comment 8 Petr Gajdos 2018-10-19 06:48:47 UTC 
Now really reopen :)).
Comment 9 Petr Gajdos 2018-10-19 07:27:39 UTC 
I guess needinfo not needed anymore.
Comment 10 Petr Gajdos 2018-10-19 08:06:04 UTC 
Will submit for: TW,15,12,11,10sp3/tiff.
Comment 11 Petr Gajdos 2018-10-19 08:41:08 UTC 
I believe all fixed.
Comment 13 Swamp Workflow Management 2018-10-22 11:40:50 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-11-05.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64163
Comment 14 Swamp Workflow Management 2018-10-22 19:08:55 UTC 
SUSE-SU-2018:3289-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1106853,1108627,1108637,1110358
CVE References: CVE-2017-11613,CVE-2017-9935,CVE-2018-16335,CVE-2018-17100,CVE-2018-17101,CVE-2018-17795
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    tiff-4.0.9-44.24.1
SUSE Linux Enterprise Server 12-SP3 (src):    tiff-4.0.9-44.24.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    tiff-4.0.9-44.24.1
Comment 15 Swamp Workflow Management 2018-10-23 16:10:36 UTC 
SUSE-SU-2018:3327-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1092480,1106853,1108627,1108637,1110358
CVE References: CVE-2018-10779,CVE-2018-16335,CVE-2018-17100,CVE-2018-17101,CVE-2018-17795
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    tiff-4.0.9-5.14.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    tiff-4.0.9-5.14.1
Comment 16 Swamp Workflow Management 2018-10-24 13:10:06 UTC 
openSUSE-SU-2018:3370-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1092480,1106853,1108627,1108637,1110358
CVE References: CVE-2018-10779,CVE-2018-16335,CVE-2018-17100,CVE-2018-17101,CVE-2018-17795
Sources used:
openSUSE Leap 15.0 (src):    tiff-4.0.9-lp150.4.6.1
Comment 17 Swamp Workflow Management 2018-10-24 13:10:50 UTC 
openSUSE-SU-2018:3371-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1106853,1108627,1108637,1110358
CVE References: CVE-2017-11613,CVE-2017-9935,CVE-2018-16335,CVE-2018-17100,CVE-2018-17101,CVE-2018-17795
Sources used:
openSUSE Leap 42.3 (src):    tiff-4.0.9-37.1
Comment 18 Swamp Workflow Management 2018-10-24 16:51:22 UTC 
SUSE-SU-2018:3391-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1106853,1108627,1108637,1110358
CVE References: CVE-2017-11613,CVE-2017-9935,CVE-2018-16335,CVE-2018-17100,CVE-2018-17101,CVE-2018-17795
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    tiff-3.8.2-141.169.19.1
SUSE Linux Enterprise Server 11-SP4 (src):    tiff-3.8.2-141.169.19.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    tiff-3.8.2-141.169.19.1
Comment 19 Marcus Meissner 2018-10-26 06:01:01 UTC 
released
First Last Prev Next    This bug is not in your last search results.