Debian Tiff vulnerabilities
269 known vulnerabilities affecting debian/tiff.
Total CVEs: 269
CISA KEV: 0
Public exploits: 16
Exploited in wild: 0
Severity breakdown: CRITICAL 16, HIGH 65, MEDIUM 128, LOW 60
Vulnerabilities
Page 8 of 14
CVE-2016-9537 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie: resolved (fixed in 4.0.7-1)

CVE-2016-9534 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixi

CVE-2016-9533 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie: resolved (fixed in 4.0.

CVE-2016-9536 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie:

CVE-2016-9540 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie: resolved (fixed in 4.0.

CVE-2016-6223 | CRITICAL | CVSS 9.1 | fixed in tiff 4.0.6-2 (bookworm) | 2016
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allow remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
Scope: local
bookworm: resolved (fixed in 4.0.6-2)
bullseye: resolved (fixed in 4.0.6-2)
forky: resolved (fixed in 4.0.6-2)
sid:

CVE-2016-9535 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)

CVE-2016-9538 | CRITICAL | CVSS 9.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved (fixed in 4.0.7-1)
trixie: resolved (fixed in 4.0.7-1)

CVE-2016-10093 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-2 (bookworm) | 2016
Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 4.0.7-2)
bu

CVE-2016-3631 | HIGH | CVSS 7.5 | fixed in tiff 4.0.6-3 (bookworm) | 2016
The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.

CVE-2016-3990 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid: resolved

CVE-2016-3945 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: res

CVE-2016-3634 | HIGH | CVSS 7.5 | fixed in tiff 4.0.6-3 (bookworm) | 2016
The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie:

CVE-2016-8331 | HIGH | CVSS 8.1 | fixed in tiff 4.0.6-3 (bookworm) | 2016
An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.
Scope: local
bookworm: resolv

CVE-2016-5652 | HIGH | CVSS 7.0 | fixed in tiff 4.0.6-3 (bookworm) | 2016
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6

CVE-2016-3624 | HIGH | CVSS 7.5 | fixed in tiff 4.0.6-3 (bookworm) | 2016
The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixed in 4.0.6-3)
trixie: resolved (fixed in 4.0.6-3

CVE-2016-9453 | HIGH | CVSS 7.8 | fixed in tiff 4.0.6-3 (bookworm) | 2016
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
Scope: local
bookworm: resolved (fixed in 4.0.6-3)
bullseye: resolved (fixed in 4.0.6-3)
forky: resolved (fixed in 4.0.6-3)
sid: resolved (fixe

CVE-2016-10269 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-2 (bookworm) | 2016
LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.
Scope: local
bookworm: resolved

CVE-2016-10272 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-2 (bookworm) | 2016
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
Scope: local
bookworm: resolved (fixed in 4.0.7-2)
bullseye: resolved (fixed in 4.0.7-2)
forky: resolved (fixed in 4.0.7-2)
sid: resolved (fixed i

CVE-2016-3991 | HIGH | CVSS 7.8 | fixed in tiff 4.0.7-1 (bookworm) | 2016
Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles.
Scope: local
bookworm: resolved (fixed in 4.0.7-1)
bullseye: resolved (fixed in 4.0.7-1)
forky: resolved (fixed in 4.0.7-1)
sid