Bugzilla – Bug 1113672
VUL-1: CVE-2018-18661: tiff: NULL pointer dereference in the function LZWDecode in the file tif_lzw.c
Last modified: 2019-01-14 10:31:11 UTC
CVE-2018-18661

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18661
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18661.html
http://www.cvedetails.com/cve/CVE-2018-18661/
http://bugzilla.maptools.org/show_bug.cgi?id=2819
Submitted 4.0.10 which fixes this to devel project.
Accepted and on its way to Factory as SR#648457
BEFORE

tiff 4.0.9

$ ulimit -v 2000000
$ tiff2bw Null-pointer-derefence__LZWDecode\@tif_lzw.c_462 /dev/null
Segmentation fault
$

tiff 3.8.2

$ ulimit -v 2000000
$ tiff2bw Null-pointer-derefence__LZWDecode\@tif_lzw.c_462 foo
TIFFReadDirectory: Warning, Null-pointer-derefence__LZWDecode@tif_lzw.c_462: unknown field with tag 292 (0x124) encountered.
Null-pointer-derefence__LZWDecode@tif_lzw.c_462: Integer overflow in TIFFScanlineSize.
TIFFReadDirectory: Null-pointer-derefence__LZWDecode@tif_lzw.c_462: cannot handle zero scanline size.
$

PATCH

https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f

3.8.2: testcase does not work (_TIFFmalloc is run only for small values of its argument), but checks are missing in tiff2bw

AFTER

4.0.9

$ ulimit -v 2000000
$ tiff2bw Null-pointer-derefence__LZWDecode\@tif_lzw.c_462 /dev/null
TIFFReadDirectory: Warning, Unknown field with tag 292 (0x124) encountered.
Out of memory
TIFFWriteDirectoryTagData: IO error writing tag data.
$
Will submit for: 15,12,11,10sp3/tiff.
I believe all fixed.
SUSE-SU-2018:3879-1: An update that fixes 11 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1010163,1014461,1040080,1040322,1074186,1099257,1113672,974446,974447,974448,983440
CVE References: CVE-2015-8870,CVE-2016-3619,CVE-2016-3620,CVE-2016-3621,CVE-2016-5319,CVE-2016-9273,CVE-2017-17942,CVE-2017-9117,CVE-2017-9147,CVE-2018-12900,CVE-2018-18661
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): tiff-3.8.2-141.169.22.1
SUSE Linux Enterprise Server 11-SP4 (src): tiff-3.8.2-141.169.22.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): tiff-3.8.2-141.169.22.1

SUSE-SU-2018:3911-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1099257,1113094,1113672
CVE References: CVE-2018-12900,CVE-2018-18557,CVE-2018-18661
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src): tiff-4.0.9-44.27.1
SUSE Linux Enterprise Server 12-SP3 (src): tiff-4.0.9-44.27.1
SUSE Linux Enterprise Desktop 12-SP3 (src): tiff-4.0.9-44.27.1

SUSE-SU-2018:3925-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1099257,1113094,1113672
CVE References: CVE-2018-12900,CVE-2018-18557,CVE-2018-18661
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src): tiff-4.0.9-5.17.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): tiff-4.0.9-5.17.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src): tiff-4.0.9-5.17.1
SUSE Linux Enterprise Module for Basesystem 15 (src): tiff-4.0.9-5.17.1

openSUSE-SU-2018:3947-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1099257,1113094,1113672
CVE References: CVE-2018-12900,CVE-2018-18557,CVE-2018-18661
Sources used:
openSUSE Leap 42.3 (src): tiff-4.0.9-40.1

openSUSE-SU-2018:3948-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1099257,1113094,1113672
CVE References: CVE-2018-12900,CVE-2018-18557,CVE-2018-18661
Sources used:
openSUSE Leap 15.0 (src): tiff-4.0.9-lp150.4.9.1

SUSE-SU-2018:3911-2: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1099257,1113094,1113672
CVE References: CVE-2018-12900,CVE-2018-18557,CVE-2018-18661
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): tiff-4.0.9-44.27.1
SUSE Linux Enterprise Server 12-SP4 (src): tiff-4.0.9-44.27.1
SUSE Linux Enterprise Desktop 12-SP4 (src): tiff-4.0.9-44.27.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2018-12-25. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64180
done