Subject: [ASA-201707-18] lib32-libtiff: arbitrary code execution Arch Linux Security Advisory ASA-201707-18 ========================================== Severity: Critical Date : 2017-07-18 CVE-ID : CVE-2015-7554 CVE-2016-10095 Package : lib32-libtiff Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-87 Summary ======= The package lib32-libtiff before version 4.0.8-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 4.0.8-1. # pacman -Syu "lib32-libtiff>=4.0.8-1" The problems have been fixed upstream in version 4.0.8. Workaround ========== None. Description =========== - CVE-2015-7554 (arbitrary code execution) An Invalid memory write flaw was found in libtiff in the way it parsed certain extension tags when reading TIFF format files. An attacker could use this flaw to crash or even execute arbitrary code with the permission of the user running such an application compiled against libtiff. - CVE-2016-10095 (arbitrary code execution) A stack-based buffer overflow vulnerability was found in libtiff, in the _TIFFVGetField function in tif_dir.c, when running tiffslpit on crafted tiff file. Impact ====== A remote attacker can execute arbitrary code on the affected host via a crafted TIFF file. References ========== https://bugs.archlinux.org/task/54842 http://seclists.org/oss-sec/2015/q4/590 http://bugzilla.maptools.org/show_bug.cgi?id=2564 http://seclists.org/oss-sec/2017/q1/10 https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/ https://security.archlinux.org/CVE-2015-7554 https://security.archlinux.org/CVE-2016-10095