Debian Tiff vulnerabilities
269 known vulnerabilities affecting debian/tiff.
Total CVEs: 269
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 60
Vulnerabilities
Page 7 of 14
CVE-2017-7596 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-6 (bookworm) | 2017
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-6)
bullseye: resolved (fixed in 4.0.7-6)
forky: resolved (fixed in 4.0.7-

CVE-2017-7597 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-6 (bookworm) | 2017
tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-6)
bullseye: resolved (fixed in 4.0.7-6)
forky: resolved

CVE-2017-18013 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.9-3 (bookworm) | 2017
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
Scope: local
bookworm: resolved (fixed in 4.0.9-3)
bullseye: resolved (fixed in 4.0.9-3)
forky: resolved (fixed in 4.0.9-3)
sid: resolved (fixed in 4.0.9-3)
trixie: resolved (fixed in 4.0.9-3)

CVE-2017-9936 | MEDIUM | CVSS 6.5 | PoC | fixed in tiff 4.0.8-3 (bookworm) | 2017
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
Scope: local
bookworm: resolved (fixed in 4.0.8-3)
bullseye: resolved (fixed in 4.0.8-3)
forky: resolved (fixed in 4.0.8-3)
sid: resolved (fixed in 4.0.8-3)
trixie: resolved (fixed in 4.0.8-3)

CVE-2017-13727 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.8-5 (bookworm) | 2017
There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
Scope: local
bookworm: resolved (fixed in 4.0.8-5)
bullseye: resolved (fixed in 4.0.8-5)
forky: resolved (fixed in 4.0.8-5)
sid: resolved (fixed in 4.0.8-5)
tri

CVE-2017-13726 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.8-5 (bookworm) | 2017
There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.
Scope: local
bookworm: resolved (fixed in 4.0.8-5)
bullseye: resolved (fixed in 4.0.8-5)
forky: resolved (fixed in 4.0.8-5)
sid: resolved (fixed in 4.0.8-5)
trixie: r

CVE-2017-9147 | MEDIUM | CVSS 6.5 | PoC | fixed in tiff 4.0.8-2 (bookworm) | 2017
LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 4.0.8-2)
bullseye: resolved (fixed in 4.0.8-2)
forky: resolved (fixed in 4.0.8-2)
sid: resolved (fixed in 4.0.8-2)
trixie: resolved (fixed in 4.0.8-2)

CVE-2017-9815 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.8-1 (bookworm) | 2017
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.
Scope: local
bookworm: resolved (fixed in 4.0.8-1)
bullseye: resolved (fixed in 4.0.8-1)
forky: resolved (fixed in 4.0.8-1)
s

CVE-2017-7593 | MEDIUM | CVSS 5.5 | fixed in tiff 4.0.7-6 (bookworm) | 2017
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-6)
bullseye: resolved (fixed in 4.0.7-6)
forky: resolved (fixed in 4.0.7-6)
sid: resolved (fixed in 4.0.7-6)
trixie: resolved (fi

CVE-2017-9404 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.8-1 (bookworm) | 2017
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
Scope: local
bookworm: resolved (fixed in 4.0.8-1)
bullseye: resolved (fixed in 4.0.8-1)
forky: resolved (fixed in 4.0.8-1)
sid: resolved (fixed in 4.0.8-1)
trixie: resolved (f

CVE-2017-9403 | MEDIUM | CVSS 6.5 | fixed in tiff 4.0.8-1 (bookworm) | 2017
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
Scope: local
bookworm: resolved (fixed in 4.0.8-1)
bullseye: resolved (fixed in 4.0.8-1)
forky: resolved (fixed in 4.0.8-1)
sid: resolved (fixed in 4.0.8-1)
trixie: resolved (fixed i

CVE-2017-16232 | LOW | CVSS 7.5 [HIGH] | 2017
LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2017-17095 | LOW | CVSS 8.8 [HIGH] | PoC | fixed in tiff 4.0.9-5 (bookworm) | 2017
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
Scope: local
bookworm: resolved (fixed in 4.0.9-5)
bullseye: resolved (fixed in 4.0.9-5)
forky: resolved (fixed in 4.0.9-5)
sid: resolved (f

CVE-2017-7594 | LOW | CVSS 5.5 [MEDIUM] | fixed in tiff 4.0.7-6 (bookworm) | 2017
The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-6)
bullseye: resolved (fixed in 4.0.7-6)
forky: resolved (fixed in 4.0.7-6)
sid: resolved (fixed in 4.0.7-6)
trixie: resolved (fixed in 4.0.7-6)

CVE-2017-7595 | LOW | CVSS 5.5 [MEDIUM] | fixed in tiff 4.0.7-6 (bookworm) | 2017
The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-6)
bullseye: resolved (fixed in 4.0.7-6)
forky: resolved (fixed in 4.0.7-6)
sid: resolved (fixed in 4.0.7-6)
trixie: resolved (fixed in 4.0.7-6

CVE-2017-7598 | LOW | CVSS 7.8 [HIGH] | fixed in tiff 4.0.7-6 (bookworm) | 2017
tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
Scope: local
bookworm: resolved (fixed in 4.0.7-6)
bullseye: resolved (fixed in 4.0.7-6)
forky: resolved (fixed in 4.0.7-6)
sid: resolved (fixed in 4.0.7-6)
trixie: resolved (fixed in 4.0.7-6)

CVE-2017-5563 | LOW | CVSS 8.8 [HIGH] | fixed in tiff 4.0.7-1 (bookworm) | 2017
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie: resolved (fixed in 4.0.7-1)

CVE-2017-11613 | LOW | CVSS 6.5 [MEDIUM] | fixed in tiff 4.0.9-5 (bookworm) | 2017
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based

CVE-2017-9117 | LOW | CVSS 4.0 [MEDIUM] | fixed in tiff 4.0.7-1 (bookworm) | 2017
In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7

CVE-2017-17942 | LOW | CVSS 8.8 [HIGH] | fixed in tiff 4.0.6-3 (bookworm) | 2017
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (fixed in 4.0.6-3)