Bugzilla – Bug 964225
VUL-1: CVE-2015-8781, CVE-2015-8782, CVE-2015-8783: tiff: out-of-bounds writes for invalid images in tif_libtuv
Last modified: 2018-12-05 07:44:34 UTC
rh#1301649
A flaw was discovered in the way libtiff decodes special data. A potential out-of-bounds write could occur for specifically crafted images.
CVE assignments: http://seclists.org/oss-sec/2016/q1/190
Upstream fix (for all CVEs): https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
References:
  https://bugzilla.redhat.com/show_bug.cgi?id=1301649
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8782
  http://seclists.org/oss-sec/2016/q1/190
  http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8782.html
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8782
  http://bugzilla.maptools.org/show_bug.cgi?id=2522
*** Bug 964213 has been marked as a duplicate of this bug. ***
CVE-2015-8781, CVE-2015-8782, CVE-2015-8783
bugbot adjusting priority
This is an autogenerated message for OBS integration:
This bug (964225) was mentioned in
  https://build.opensuse.org/request/show/357067 Factory / tiff
This is an autogenerated message for OBS integration:
This bug (964225) was mentioned in
  https://build.opensuse.org/request/show/357081 13.1 / tiff
  https://build.opensuse.org/request/show/357082 13.2 / tiff
SUSE-SU-2016:0353-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 960341,964225
CVE References: CVE-2015-7554,CVE-2015-8781,CVE-2015-8782,CVE-2015-8783
Sources used:
  SUSE Linux Enterprise Software Development Kit 11-SP4 (src): tiff-3.8.2-141.163.1
  SUSE Linux Enterprise Server 11-SP4 (src): tiff-3.8.2-141.163.1
  SUSE Linux Enterprise Desktop 11-SP4 (src): tiff-3.8.2-141.163.1
  SUSE Linux Enterprise Debuginfo 11-SP4 (src): tiff-3.8.2-141.163.1
openSUSE-SU-2016:0405-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 964225
CVE References: CVE-2015-8781,CVE-2015-8782,CVE-2015-8783
Sources used:
  openSUSE 13.2 (src): tiff-4.0.6-10.20.1
openSUSE-SU-2016:0414-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 964225
CVE References: CVE-2015-8781,CVE-2015-8782,CVE-2015-8783
Sources used:
  openSUSE 13.1 (src): tiff-4.0.6-8.16.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-03-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62518
openSUSE-SU-2016:1889-1: An update that solves 5 vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 964225,984808,984831,984837,984842,987351
CVE References: CVE-2016-5314,CVE-2016-5316,CVE-2016-5317,CVE-2016-5320,CVE-2016-5875
Sources used:
  openSUSE 13.2 (src): tiff-4.0.6-10.26.1
SUSE-SU-2016:2271-1: An update that fixes 9 vulnerabilities is now available.
Category: security (moderate)
Bug References: 964225,973340,984808,984831,984837,984842,987351
CVE References: CVE-2015-8781,CVE-2015-8782,CVE-2015-8783,CVE-2016-3186,CVE-2016-5314,CVE-2016-5316,CVE-2016-5317,CVE-2016-5320,CVE-2016-5875
Sources used:
  SUSE Linux Enterprise Software Development Kit 12-SP1 (src): tiff-4.0.6-26.3
  SUSE Linux Enterprise Server 12-SP1 (src): tiff-4.0.6-26.3
  SUSE Linux Enterprise Desktop 12-SP1 (src): tiff-4.0.6-26.3
openSUSE-SU-2016:2321-1: An update that fixes 9 vulnerabilities is now available.
Category: security (moderate)
Bug References: 964225,973340,984808,984831,984837,984842,987351
CVE References: CVE-2015-8781,CVE-2015-8782,CVE-2015-8783,CVE-2016-3186,CVE-2016-5314,CVE-2016-5316,CVE-2016-5317,CVE-2016-5320,CVE-2016-5875
Sources used:
  openSUSE Leap 42.1 (src): tiff-4.0.6-6.1