Arch Linux Security Advisory ASA-201704-10
==========================================

Severity: Medium
Date    : 2017-04-28
CVE-ID  : CVE-2017-7592 CVE-2017-7593 CVE-2017-7594 CVE-2017-7595
          CVE-2017-7596 CVE-2017-7597 CVE-2017-7598 CVE-2017-7599
          CVE-2017-7600 CVE-2017-7601 CVE-2017-7602
Package : libtiff
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-237

Summary
=======

The package libtiff before version 4.0.7-3 is vulnerable to multiple
issues including denial of service and information disclosure.

Resolution
==========

Upgrade to 4.0.7-3.

# pacman -Syu "libtiff>=4.0.7-3"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

- CVE-2017-7592 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior in putagreytile().

- CVE-2017-7593 (information disclosure)

A security issue has been found in libtiff < 4.0.7, where a crafted
TIFF image can cause an uninitialized-memory access in tif_rawdata(),
leading to information leakage.

- CVE-2017-7594 (denial of service)

A security issue has been found in libtiff < 4.0.7, where a crafted
TIFF image can cause a memory leak in
OJPEGReadHeaderInfoSecTablesAcTable().

- CVE-2017-7595 (denial of service)

A security issue has been found in libtiff < 4.0.7, where a crafted
TIFF image can cause a division by zero in JPEGSetupEncode(), leading
to denial of service.

- CVE-2017-7596 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior.

- CVE-2017-7597 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior.

- CVE-2017-7598 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger a division by zero in
TIFFReadDirEntryCheckedRational() or
TIFFReadDirEntryCheckedSrational(), leading to denial of service.

- CVE-2017-7599 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior.

- CVE-2017-7600 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior.

- CVE-2017-7601 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior (invalid shift exponent) in
JPEGSetupEncode().

- CVE-2017-7602 (denial of service)

A security issue has been found in libtiff <= 4.0.7, where a crafted
TIFF file can trigger undefined behavior in TIFFReadRawStrip1().

Impact
======

A remote attacker can access sensitive information and cause an
application crash via a crafted TIFF file.

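A triage check related to CVE-2017-7598, added here as an example (it is not part of the advisory and is not libtiff code): it walks the IFDs of a classic TIFF and reports RATIONAL/SRATIONAL values whose denominator is zero, on the assumption that this is the input condition behind the division by zero. The function names and the constructed sample file are illustrative.

```python
import struct

RATIONAL, SRATIONAL = 5, 10  # TIFF 6.0 field types: two 32-bit integers per value

def zero_denominator_rationals(data: bytes, max_ifds: int = 64):
    """Return [(ifd_index, tag, value_index)] for RATIONAL/SRATIONAL values
    whose denominator is 0. Raises ValueError on a malformed classic TIFF."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF header")
    e = "<" if data[:2] == b"II" else ">"          # byte order from the header
    magic, ifd_off = struct.unpack_from(e + "HI", data, 2)
    if magic != 42:
        raise ValueError("not classic TIFF (BigTIFF is not handled)")
    hits, seen = [], set()
    for ifd_index in range(max_ifds):              # cap the IFD chain length
        if ifd_off == 0:
            break
        if ifd_off in seen or ifd_off + 2 > len(data):
            raise ValueError("IFD offset loops or is out of bounds")
        seen.add(ifd_off)
        (n,) = struct.unpack_from(e + "H", data, ifd_off)
        end = ifd_off + 2 + 12 * n                 # entries are 12 bytes each
        if end + 4 > len(data):
            raise ValueError("IFD truncated")
        for i in range(n):
            tag, typ, count, off = struct.unpack_from(e + "HHII", data, ifd_off + 2 + 12 * i)
            if typ not in (RATIONAL, SRATIONAL):
                continue
            # A rational is 8 bytes, so it is always stored at an offset.
            if off + 8 * count > len(data):
                raise ValueError(f"tag {tag}: rational data out of bounds")
            fmt = e + ("II" if typ == RATIONAL else "ii")
            for k in range(count):
                _num, den = struct.unpack_from(fmt, data, off + 8 * k)
                if den == 0:
                    hits.append((ifd_index, tag, k))
        (ifd_off,) = struct.unpack_from(e + "I", data, end)  # next IFD, 0 = end
    return hits

def build_sample(den: int) -> bytes:
    """Constructed 34-byte test input: one IFD with one XResolution (tag 282) RATIONAL."""
    header = struct.pack("<2sHI", b"II", 42, 8)
    ifd = struct.pack("<H", 1) + struct.pack("<HHII", 282, RATIONAL, 1, 26) + struct.pack("<I", 0)
    return header + ifd + struct.pack("<II", 72, den)
```

A hit is a triage signal for files headed to an unpatched libtiff, not proof of malice; the fix remains the upgrade to 4.0.7-3.
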
References
==========

http://seclists.org/oss-sec/2017/q2/35
http://bugzilla.maptools.org/show_bug.cgi?id=2658
https://github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b
http://seclists.org/oss-sec/2017/q2/36
http://bugzilla.maptools.org/show_bug.cgi?id=2651
https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
http://bugzilla.maptools.org/show_bug.cgi?id=2659
http://seclists.org/oss-sec/2017/q2/37
https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c/
https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
http://seclists.org/oss-sec/2017/q2/38
http://seclists.org/oss-sec/2017/q2/39
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
https://security.archlinux.org/CVE-2017-7592
https://security.archlinux.org/CVE-2017-7593
https://security.archlinux.org/CVE-2017-7594
https://security.archlinux.org/CVE-2017-7595
https://security.archlinux.org/CVE-2017-7596
https://security.archlinux.org/CVE-2017-7597
https://security.archlinux.org/CVE-2017-7598
https://security.archlinux.org/CVE-2017-7599
https://security.archlinux.org/CVE-2017-7600
https://security.archlinux.org/CVE-2017-7601
https://security.archlinux.org/CVE-2017-7602