Bug 1074318 - (CVE-2017-17973) VUL-0: CVE-2017-17973: tiff: In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/197422/
CVSSv3:RedHat:CVE-2017-17973:7.5:(AV:...
Reported: 2018-01-02 11:02 UTC by Victor Pereira
Modified: 2018-05-29 11:34 UTC (History)
Found By: Security Response Team
Attachments
poc-1 (3.93 KB, application/octet-stream)
2018-01-17 16:46 UTC, Marcus Meissner
Description Victor Pereira 2018-01-02 11:02:39 UTC
CVE-2017-17973

In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc
function in tiff2pdf.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17973
http://www.cvedetails.com/cve/CVE-2017-17973/
http://bugzilla.maptools.org/show_bug.cgi?id=2769
Comment 1 Marcus Meissner 2018-01-17 16:46:50 UTC
Created attachment 756484
poc-1

QA REPRODUCER:

tiff2pdf poc-1 > /dev/null

should not crash (nor have valgrind errors)
Comment 2 Marcus Meissner 2018-01-17 16:52:06 UTC
valgrind triggers on tiff2pdf 4.0.9 in sle12, but not on the 3.8 in sle11.
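
The QA reproducer from comments 1 and 2 as a scripted check (an added example, not part of the bug report or of any SUSE QA tooling). The function names and the exit code 99 are choices made here; the script assumes tiff2pdf and valgrind are on PATH and separates memcheck findings and signal crashes from the non-zero status tiff2pdf returns when it simply rejects the malformed file.

```shell
#!/bin/sh
# Added example: regression check for "tiff2pdf poc-1 > /dev/null".
# MEMCHECK_RC is an arbitrary value picked for this script; valgrind returns
# it (via --error-exitcode) only when memcheck itself reported an error.
MEMCHECK_RC=99

# Map an exit status to a verdict string.
#   MEMCHECK_RC -> memcheck reported an error (e.g. "Invalid read")
#   126 / 127   -> the shell could not execute the tool at all
#   > 128       -> process was killed by signal (status - 128)
#   anything else, including tiff2pdf's own failure status on a file it
#   refuses to convert, is not a memory-safety finding.
classify_status() {
    if [ "$1" -eq "$MEMCHECK_RC" ]; then
        echo "memcheck-error"
    elif [ "$1" -eq 126 ] || [ "$1" -eq 127 ]; then
        echo "tool-missing"
    elif [ "$1" -gt 128 ]; then
        echo "crash-signal-$(( $1 - 128 ))"
    else
        echo "ok"
    fi
}

# Run the reproducer twice: plain (crash check) and under valgrind
# (memcheck check). Returns 0 only when both verdicts are "ok".
check_poc() {
    poc=$1

    status=0
    tiff2pdf "$poc" >/dev/null 2>&1 || status=$?
    plain=$(classify_status "$status")

    status=0
    valgrind -q --error-exitcode="$MEMCHECK_RC" \
        tiff2pdf "$poc" >/dev/null 2>&1 || status=$?
    memcheck=$(classify_status "$status")

    echo "plain=$plain memcheck=$memcheck"
    [ "$plain" = "ok" ] && [ "$memcheck" = "ok" ]
}

# Only run when a reproducer file is given on the command line.
if [ $# -ge 1 ]; then
    check_poc "$1"
fi
```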
Comment 3 Petr Gajdos 2018-04-27 09:11:02 UTC
Yep, I get:

$ valgrind -q tiff2pdf poc-1 -o foo
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
TIFFAdvanceDirectory: Error fetching directory count.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 98 (0x62) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8178 (0x1ff2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 15 (0xf) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 62085 (0xf285) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27952 (0x6d30) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 63319 (0xf757) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 59310 (0xe7ae) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 2 (0x2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4608 (0x1200) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4096 (0x1000) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27904 (0x6d00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3840 (0xf00) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
_TIFFVSetField: poc-1: Null count for "Tag 4096" (type 6, writecount -3, passcount 1).
TIFFReadDirectory: Warning, Incorrect count for "ColorMap"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 25844 (0x64f4) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 514 (0x202) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 64000 (0xfa00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 128 (0x80) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 59310 (0xe7ae) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4355 (0x1103) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 261 (0x105) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 23 (0x17) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60917 (0xedf5) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 21760 (0x5500) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 43520 (0xaa00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 64127 (0xfa7f) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 28013 (0x6d6d) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 109 (0x6d) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 6146 (0x1802) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 11776 (0x2e00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3840 (0xf00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 768 (0x300) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 5888 (0x1700) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 32512 (0x7f00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 38172 (0x951c) encountered.
poc-1: Warning, Nonstandard tile width 3, convert file.
TIFFReadDirectory: Warning, Unknown field with tag 2 (0x2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 513 (0x201) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 6912 (0x1b00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 16384 (0x4000) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 64256 (0xfb00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4608 (0x1200) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4096 (0x1000) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27904 (0x6d00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 251 (0xfb) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 1791 (0x6ff) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 769 (0x301) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 47361 (0xb901) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 1025 (0x401) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 61441 (0xf001) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 5632 (0x1600) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 7169 (0x1c01) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 19712 (0x4d00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8 (0x8) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 2048 (0x800) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 125 (0x7d) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4 (0x4) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 5 (0x5) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27 (0x1b) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 63488 (0xf800) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 73 (0x49) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65280 (0xff00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 59005 (0xe67d) encountered.
TIFFFetchNormalTag: Warning, ASCII value for tag "Tag 261" does not end in null byte. Forcing it to be null.
TIFFFetchStripThing: Warning, Incorrect count for "StripOffsets"; tag ignored.
_TIFFVSetField: poc-1: Bad value 65509 for "Orientation" tag.
TIFFFetchNormalTag: Warning, Incorrect value for "Model"; tag ignored.
TIFFFetchStripThing: Warning, Incorrect count for "StripByteCounts"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 38172"; tag ignored.
TIFFReadDirectory: Warning, Incorrect count for "ColorMap"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
_TIFFVSetField: poc-1: Null count for "Tag 4096" (type 6, writecount -3, passcount 1).
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 125"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 4"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 5"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 27"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 98 (0x62) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8178 (0x1ff2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 15 (0xf) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 62085 (0xf285) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27952 (0x6d30) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 63319 (0xf757) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 59310 (0xe7ae) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 2 (0x2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4608 (0x1200) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4096 (0x1000) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27904 (0x6d00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3840 (0xf00) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
_TIFFVSetField: poc-1: Null count for "Tag 4096" (type 6, writecount -3, passcount 1).
TIFFReadDirectory: Warning, Incorrect count for "ColorMap"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 25844 (0x64f4) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 514 (0x202) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 64000 (0xfa00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 128 (0x80) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 59310 (0xe7ae) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4355 (0x1103) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 261 (0x105) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 23 (0x17) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60917 (0xedf5) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 21760 (0x5500) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 43520 (0xaa00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 64127 (0xfa7f) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 28013 (0x6d6d) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 109 (0x6d) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 6146 (0x1802) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 11776 (0x2e00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3840 (0xf00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 768 (0x300) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 5888 (0x1700) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 32512 (0x7f00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 38172 (0x951c) encountered.
poc-1: Warning, Nonstandard tile width 3, convert file.
TIFFReadDirectory: Warning, Unknown field with tag 2 (0x2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 513 (0x201) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 6912 (0x1b00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 16384 (0x4000) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 64256 (0xfb00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4608 (0x1200) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4096 (0x1000) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27904 (0x6d00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 251 (0xfb) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 1791 (0x6ff) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 769 (0x301) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 47361 (0xb901) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 1025 (0x401) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 61441 (0xf001) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 5632 (0x1600) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 7169 (0x1c01) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 19712 (0x4d00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8 (0x8) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 2048 (0x800) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 125 (0x7d) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4 (0x4) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 5 (0x5) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27 (0x1b) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 63488 (0xf800) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 73 (0x49) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65280 (0xff00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 59005 (0xe67d) encountered.
TIFFFetchNormalTag: Warning, ASCII value for tag "Tag 261" does not end in null byte. Forcing it to be null.
TIFFFetchStripThing: Warning, Incorrect count for "StripOffsets"; tag ignored.
_TIFFVSetField: poc-1: Bad value 65509 for "Orientation" tag.
TIFFFetchNormalTag: Warning, Incorrect value for "Model"; tag ignored.
TIFFFetchStripThing: Warning, Incorrect count for "StripByteCounts"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 38172"; tag ignored.
TIFFReadDirectory: Warning, Incorrect count for "ColorMap"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
_TIFFVSetField: poc-1: Null count for "Tag 4096" (type 6, writecount -3, passcount 1).
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 125"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 4"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 5"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 27"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
tiff2pdf: Warning, poc-1 is not compressed with LZW or NONE.
tiff2pdf result may be incorrect in that case.
Consider to use tiffcp(1) to change compress algorithm first..
==30162== Invalid read of size 8
==30162==    at 0x51321F2: __GI_mempcpy (in /lib64/libc-2.19.so)
==30162==    by 0x5120E66: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==30162==    by 0x511701C: fwrite (in /lib64/libc-2.19.so)
==30162==    by 0x10AEE0: t2p_writeproc (tiff2pdf.c:405)
==30162==    by 0x115486: t2p_write_pdf_stream (tiff2pdf.c:3998)
==30162==    by 0x115486: t2p_write_pdf_transfer_stream (tiff2pdf.c:5026)
==30162==    by 0x115486: t2p_write_pdf (tiff2pdf.c:5506)
==30162==    by 0x10A6FF: main (tiff2pdf.c:808)
==30162==  Address 0x627d560 is 0 bytes inside a block of size 32 free'd
==30162==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30162==    by 0x4E4452F: TIFFFreeDirectory (tif_dir.c:1266)
==30162==    by 0x4E4B7F8: TIFFReadDirectory (tif_dirread.c:3563)
==30162==    by 0x4E449D8: TIFFSetDirectory (tif_dir.c:1622)
==30162==    by 0x10B66A: t2p_read_tiff_init (tiff2pdf.c:1131)
==30162==    by 0x114B0B: t2p_write_pdf (tiff2pdf.c:5440)
==30162==    by 0x10A6FF: main (tiff2pdf.c:808)
==30162== 
==30162== Invalid read of size 8
==30162==    at 0x51321F5: __GI_mempcpy (in /lib64/libc-2.19.so)
==30162==    by 0x5120E66: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==30162==    by 0x511701C: fwrite (in /lib64/libc-2.19.so)
==30162==    by 0x10AEE0: t2p_writeproc (tiff2pdf.c:405)
==30162==    by 0x115486: t2p_write_pdf_stream (tiff2pdf.c:3998)
==30162==    by 0x115486: t2p_write_pdf_transfer_stream (tiff2pdf.c:5026)
==30162==    by 0x115486: t2p_write_pdf (tiff2pdf.c:5506)
==30162==    by 0x10A6FF: main (tiff2pdf.c:808)
==30162==  Address 0x627d568 is 8 bytes inside a block of size 32 free'd
==30162==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30162==    by 0x4E4452F: TIFFFreeDirectory (tif_dir.c:1266)
==30162==    by 0x4E4B7F8: TIFFReadDirectory (tif_dirread.c:3563)
==30162==    by 0x4E449D8: TIFFSetDirectory (tif_dir.c:1622)
==30162==    by 0x10B66A: t2p_read_tiff_init (tiff2pdf.c:1131)
==30162==    by 0x114B0B: t2p_write_pdf (tiff2pdf.c:5440)
==30162==    by 0x10A6FF: main (tiff2pdf.c:808)
==30162== 
==30162== Invalid read of size 8
==30162==    at 0x51321F9: __GI_mempcpy (in /lib64/libc-2.19.so)
==30162==    by 0x5120E66: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==30162==    by 0x511701C: fwrite (in /lib64/libc-2.19.so)
==30162==    by 0x10AEE0: t2p_writeproc (tiff2pdf.c:405)
==30162==    by 0x115486: t2p_write_pdf_stream (tiff2pdf.c:3998)
==30162==    by 0x115486: t2p_write_pdf_transfer_stream (tiff2pdf.c:5026)
==30162==    by 0x115486: t2p_write_pdf (tiff2pdf.c:5506)
==30162==    by 0x10A6FF: main (tiff2pdf.c:808)
==30162==  Address 0x627d570 is 16 bytes inside a block of size 32 free'd
==30162==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30162==    by 0x4E4452F: TIFFFreeDirectory (tif_dir.c:1266)
==30162==    by 0x4E4B7F8: TIFFReadDirectory (tif_dirread.c:3563)
==30162==    by 0x4E449D8: TIFFSetDirectory (tif_dir.c:1622)
==30162==    by 0x10B66A: t2p_read_tiff_init (tiff2pdf.c:1131)
==30162==    by 0x114B0B: t2p_write_pdf (tiff2pdf.c:5440)
==30162==    by 0x10A6FF: main (tiff2pdf.c:808)
==30162== 
==30162== Invalid read of size 8
==30162==    at 0x51321FD: __GI_mempcpy (in /lib64/libc-2.19.so)
==30162==    by 0x5120E66: _IO_file_xsputn@@GLIBC_2.2.5 (in /lib64/libc-2.19.so)
==30162==    by 0x511701C: fwrite (in /lib64/libc-2.19.so)
==30162==    by 0x10AEE0: t2p_writeproc (tiff2pdf.c:405)
==30162==    by 0x115486: t2p_write_pdf_stream (tiff2pdf.c:3998)
==30162==    by 0x115486: t2p_write_pdf_transfer_stream (tiff2pdf.c:5026)
==30162==    by 0x115486: t2p_write_pdf (tiff2pdf.c:5506)
==30162==    by 0x10A6FF: main (tiff2pdf.c:808)
==30162==  Address 0x627d578 is 24 bytes inside a block of size 32 free'd
==30162==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30162==    by 0x4E4452F: TIFFFreeDirectory (tif_dir.c:1266)
==30162==    by 0x4E4B7F8: TIFFReadDirectory (tif_dirread.c:3563)
==30162==    by 0x4E449D8: TIFFSetDirectory (tif_dir.c:1622)
==30162==    by 0x10B66A: t2p_read_tiff_init (tiff2pdf.c:1131)
==30162==    by 0x114B0B: t2p_write_pdf (tiff2pdf.c:5440)
==30162==    by 0x10A6FF: main (tiff2pdf.c:808)
==30162== 
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 98 (0x62) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8178 (0x1ff2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 15 (0xf) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 62085 (0xf285) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27952 (0x6d30) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 63319 (0xf757) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 59310 (0xe7ae) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 2 (0x2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4608 (0x1200) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4096 (0x1000) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27904 (0x6d00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3840 (0xf00) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
_TIFFVSetField: poc-1: Null count for "Tag 4096" (type 6, writecount -3, passcount 1).
TIFFReadDirectory: Warning, Incorrect count for "ColorMap"; tag ignored.
tiff2pdf: Warning, poc-1 is not compressed with LZW or NONE.
tiff2pdf result may be incorrect in that case.
Consider to use tiffcp(1) to change compress algorithm first..
tiff2pdf: No support for poc-1 with 259 samples per pixel.
tiff2pdf: An error occurred creating output PDF file.
$


But I cannot for the current state in Factory:

$ valgrind -q tiff2pdf poc-1 -o foo
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
TIFFAdvanceDirectory: Error fetching directory count.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 98 (0x62) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8178 (0x1ff2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 15 (0xf) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 62085 (0xf285) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27952 (0x6d30) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 63319 (0xf757) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 59310 (0xe7ae) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 2 (0x2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4608 (0x1200) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4096 (0x1000) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27904 (0x6d00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3840 (0xf00) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
_TIFFVSetField: poc-1: Null count for "Tag 4096" (type 6, writecount -3, passcount 1).
TIFFReadDirectory: Warning, Incorrect count for "ColorMap"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 25844 (0x64f4) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 514 (0x202) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 64000 (0xfa00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 128 (0x80) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 59310 (0xe7ae) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4355 (0x1103) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 261 (0x105) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 23 (0x17) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60917 (0xedf5) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 21760 (0x5500) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 43520 (0xaa00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 64127 (0xfa7f) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 28013 (0x6d6d) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 109 (0x6d) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 6146 (0x1802) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 11776 (0x2e00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3840 (0xf00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 768 (0x300) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 5888 (0x1700) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 32512 (0x7f00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 38172 (0x951c) encountered.
poc-1: Warning, Nonstandard tile width 3, convert file.
TIFFReadDirectory: Warning, Unknown field with tag 2 (0x2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 513 (0x201) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 6912 (0x1b00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 16384 (0x4000) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 64256 (0xfb00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4608 (0x1200) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4096 (0x1000) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27904 (0x6d00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 251 (0xfb) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 1791 (0x6ff) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 769 (0x301) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 47361 (0xb901) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 1025 (0x401) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 61441 (0xf001) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 5632 (0x1600) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 7169 (0x1c01) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 19712 (0x4d00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8 (0x8) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 2048 (0x800) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 125 (0x7d) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4 (0x4) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 5 (0x5) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27 (0x1b) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 63488 (0xf800) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 73 (0x49) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65280 (0xff00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 59005 (0xe67d) encountered.
TIFFFetchNormalTag: Warning, ASCII value for tag "Tag 261" does not end in null byte. Forcing it to be null.
TIFFFetchStripThing: Warning, Incorrect count for "StripOffsets"; tag ignored.
_TIFFVSetField: poc-1: Bad value 65509 for "Orientation" tag.
TIFFFetchNormalTag: Warning, Incorrect value for "Model"; tag ignored.
TIFFFetchStripThing: Warning, Incorrect count for "StripByteCounts"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 38172"; tag ignored.
TIFFReadDirectory: Warning, Incorrect count for "ColorMap"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
_TIFFVSetField: poc-1: Null count for "Tag 4096" (type 6, writecount -3, passcount 1).
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 125"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 4"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 5"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 27"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 98 (0x62) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8178 (0x1ff2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 15 (0xf) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 62085 (0xf285) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27952 (0x6d30) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 63319 (0xf757) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 59310 (0xe7ae) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 8981 (0x2315) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 60699 (0xed1b) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 2 (0x2) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4608 (0x1200) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 4096 (0x1000) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 27904 (0x6d00) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 3840 (0xf00) encountered.
TIFFFetchNormalTag: Warning, Incorrect count for "Orientation"; tag ignored.
TIFFFetchNormalTag: Warning, Incorrect count for "XResolution"; tag ignored.
TIFFFetchNormalTag: Warning, Incompatible type for "PageNumber"; tag ignored.
_TIFFVSetField: poc-1: Null count for "Tag 4096" (type 6, writecount -3, passcount 1).
TIFFReadDirectory: Warning, Incorrect count for "ColorMap"; tag ignored.
tiff2pdf: Different transfer function on page 1.
tiff2pdf: An error occurred creating output PDF file.
$
Comment 4 Petr Gajdos 2018-04-27 10:16:20 UTC
11/tiff

Even after updating tiff2pdf.c to the 4.0.9 version, I do not get invalid reads:

$ valgrind -q tiff2pdf poc-1 -o foo
TIFFReadDirectory: Warning, poc-1: unknown field with tag 8448 (0x2100) encountered.
TIFFReadDirectory: Warning, poc-1: unknown field with tag 58660 (0xe524) encountered.
TIFFReadDirectory: Warning, poc-1: invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, poc-1: wrong data type 65407 for "Orientation"; tag ignored.
TIFFReadDirectory: Warning, poc-1: unknown field with tag 8981 (0x2315) encountered.
poc-1: Warning, incorrect count for field "XResolution" (6553855, expecting 1); tag trimmed.
TIFFReadDirectory: Warning, poc-1: unknown field with tag 65296 (0xff10) encountered.
TIFFReadDirectory: Warning, poc-1: unknown field with tag 60699 (0xed1b) encountered.
TIFFReadDirectory: Warning, poc-1: wrong data type 2051 for "PageNumber"; tag ignored.
poc-1: Warning, incorrect count for field "StripOffsets" (268435457, expecting 1); tag trimmed.
poc-1: Error fetching data for field "StripOffsets".
tiff2pdf: Can't open input file poc-1 for reading.
$
Comment 5 Petr Gajdos 2018-04-27 10:19:30 UTC
12/tiff

tiff-4.0.9-bsc1046077-CVE-2017-9935.patch in factory seems to make the difference. After applying it I get:

$ valgrind -q tiff2pdf POC1 -o foo
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
POC1: Warning, Nonstandard tile width 2, convert file.
TIFFReadDirectory: Warning, Unknown field with tag 59005 (0xe67d) encountered.
TIFFFetchNormalTag: Warning, ASCII value for tag "DocumentName" contains null byte in value; value incorrectly truncated during reading due to implementation limitations.
TIFFFetchStripThing: Warning, Incorrect count for "StripOffsets"; tag ignored.
TIFFAdvanceDirectory: Error fetching directory count.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
POC1: Warning, Nonstandard tile width 2, convert file.
TIFFReadDirectory: Warning, Unknown field with tag 59005 (0xe67d) encountered.
TIFFFetchNormalTag: Warning, ASCII value for tag "DocumentName" contains null byte in value; value incorrectly truncated during reading due to implementation limitations.
TIFFFetchStripThing: Warning, Incorrect count for "StripOffsets"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
POC1: Warning, Nonstandard tile width 2, convert file.
TIFFReadDirectory: Warning, Unknown field with tag 59005 (0xe67d) encountered.
TIFFFetchNormalTag: Warning, ASCII value for tag "DocumentName" contains null byte in value; value incorrectly truncated during reading due to implementation limitations.
TIFFFetchStripThing: Warning, Incorrect count for "StripOffsets"; tag ignored.
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
POC1: Warning, Nonstandard tile width 2, convert file.
TIFFReadDirectory: Warning, Unknown field with tag 59005 (0xe67d) encountered.
TIFFFetchNormalTag: Warning, ASCII value for tag "DocumentName" contains null byte in value; value incorrectly truncated during reading due to implementation limitations.
TIFFFetchStripThing: Warning, Incorrect count for "StripOffsets"; tag ignored.
tiff2pdf: Warning, POC1 is not compressed with LZW or NONE.
tiff2pdf result may be incorrect in that case.
Consider to use tiffcp(1) to change compress algorithm first..
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, invalid stored block lengths.
ZIPDecode: Decoding error at scanline 0, incorrect header check.
ZIPDecode: ZLib error: .
tiff2pdf: Error on decoding tile 15 of POC1.
tiff2pdf: An error occurred creating output PDF file.
$

[no invalid reads]

I will consider it as a fix for this bug also.
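
The comparison made in comments 3 to 5 (libtiff warnings are expected on the malformed file, valgrind errors are not) can be scripted for regression QA. This is an added example, not part of the bug report or of SUSE's QA tooling; the function names, the log file names and the `==4242==` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage stderr captured from
#   valgrind -q tiff2pdf poc-1 -o foo 2> run.log
# With -q valgrind prints only its error reports, each line prefixed "==<pid>==".
# Every other line in the log is a libtiff/tiff2pdf diagnostic.

# Number of valgrind error records (header lines such as "Invalid read of size N").
valgrind_errors() {
    grep -c -E '^==[0-9]+== (Invalid (read|write|free)|Use of uninitialised|Conditional jump)' "$1" || true
}

# Number of libtiff / tiff2pdf diagnostic lines (these are not memory errors).
tool_diagnostics() {
    grep -c -v -E '^==[0-9]+==' "$1" || true
}

# Verdict for the QA reproducer: "memory-errors" or "clean".
# A tiff2pdf conversion failure on a malformed file still counts as clean.
verdict() {
    if [ "$(valgrind_errors "$1")" -gt 0 ]; then echo memory-errors; else echo clean; fi
}

# Constructed sample logs. The libtiff lines are copied from the comments above;
# the ==4242== lines are constructed placeholders, not taken from the report.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/patched.log" <<'EOF'
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFFetchStripThing: Warning, Incorrect count for "StripOffsets"; tag ignored.
tiff2pdf: Error on decoding tile 15 of POC1.
tiff2pdf: An error occurred creating output PDF file.
EOF
cat > "$SAMPLES/unpatched.log" <<'EOF'
TIFFReadDirectory: Warning, Unknown field with tag 8448 (0x2100) encountered.
==4242== Invalid read of size 1
==4242==    at 0x0: t2p_writeproc (tiff2pdf.c)
==4242==  Address 0x0 is 0 bytes inside a block of size 16 free'd
tiff2pdf: An error occurred creating output PDF file.
EOF

for f in patched unpatched; do
    echo "$f: $(verdict "$SAMPLES/$f.log") ($(tool_diagnostics "$SAMPLES/$f.log") tool diagnostics)"
done
```

For live runs, valgrind's `--error-exitcode=<n>` option exposes the same distinction as the process exit status.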
Comment 6 Petr Gajdos 2018-04-27 10:54:05 UTC
Will be submitted for 12/tiff, 11/tiff and 10sp3/tiff.
Comment 7 Petr Gajdos 2018-04-27 10:59:31 UTC
I believe it is all fixed in sr#163144, sr#163145 and sr#163146.

I think this bug can be reassigned to security-team@ after review and creation of a maintenance request.
Comment 8 Michael Vetter 2018-05-07 13:09:55 UTC
SR#164509 SLE-10-SP3
SR#164510 SLE-11
SR#164511 SLE-12
Comment 10 Swamp Workflow Management 2018-05-09 16:14:39 UTC
SUSE-SU-2018:1179-1: An update that solves 11 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1007280,1011107,1011845,1017688,1017690,1017691,1017692,1031255,1046077,1048937,1074318,960341,983436
CVE References: CVE-2015-7554,CVE-2016-10095,CVE-2016-10268,CVE-2016-3945,CVE-2016-5318,CVE-2016-5652,CVE-2016-9453,CVE-2016-9536,CVE-2017-11335,CVE-2017-17973,CVE-2017-9935
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    tiff-3.8.2-141.169.3.1
SUSE Linux Enterprise Server 11-SP4 (src):    tiff-3.8.2-141.169.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    tiff-3.8.2-141.169.3.1
Comment 11 Swamp Workflow Management 2018-05-09 16:15:53 UTC
SUSE-SU-2018:1180-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1046077,1074318,1081690
CVE References: CVE-2017-17973,CVE-2017-9935,CVE-2018-5784
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    tiff-4.0.9-44.10.1
SUSE Linux Enterprise Server 12-SP3 (src):    tiff-4.0.9-44.10.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    tiff-4.0.9-44.10.1
Comment 12 Andreas Stieger 2018-05-10 17:55:27 UTC
release for Leap 42.3, closing
Comment 13 Swamp Workflow Management 2018-05-10 22:07:19 UTC
openSUSE-SU-2018:1204-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1046077,1074318,1081690
CVE References: CVE-2017-17973,CVE-2017-9935,CVE-2018-5784
Sources used:
openSUSE Leap 42.3 (src):    tiff-4.0.9-28.1
Comment 14 Swamp Workflow Management 2018-05-11 15:25:24 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2018-05-18.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64038