Bugzilla – Bug 1206479
VUL-0: CVE-2015-8784: tiff: out-of-bound write in NeXTDecode()
Last modified: 2023-02-02 11:23:13 UTC
rh#1301652

A flaw was discovered in a way libtiff decodes special data. A potential out-of-bounds write could occur for specifically crafted images.

External bug report:
http://bugzilla.maptools.org/show_bug.cgi?id=2508

CVE assignment:
http://seclists.org/oss-sec/2016/q1/191

Upstream fix:
https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1301652
https://bugzilla.redhat.com/show_bug.cgi?id=1346687
http://seclists.org/oss-sec/2016/q1/191
http://www.openwall.com/lists/oss-security/2016/01/24/8
http://www.openwall.com/lists/oss-security/2016/01/24/4
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8784.html
https://rhn.redhat.com/errata/RHSA-2016-1546.html
https://rhn.redhat.com/errata/RHSA-2016-1547.html
https://access.redhat.com/security/cve/CVE-2015-8784
http://rhn.redhat.com/errata/RHSA-2016-1547.html
http://rhn.redhat.com/errata/RHSA-2016-1546.html
https://security-tracker.debian.org/tracker/DSA-3467-1
https://bugs.mageia.org/show_bug.cgi?id=15519
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://security.gentoo.org/glsa/201701-16
http://www.securityfocus.com/bid/81696
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808968
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809021
https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://openwall.com/lists/oss-security/2015/02/07/5
http://bugzilla.maptools.org/show_bug.cgi?id=2508
This issue has been previously incorrectly merged with CVE-2015-1547. These are two different issues, and it seems that we missed the patch for SUSE:SLE-11:Update