tiff: CVE-2017-11335: tiff2pdf: heap based buffer write overflow

Debian Bug report logs - #868513
tiff: CVE-2017-11335: tiff2pdf: heap based buffer write overflow

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: tiff: CVE-2017-11335: tiff2pdf: heap based buffer write overflow

Date: Sun, 16 Jul 2017 11:40:44 +0200

Source: tiff
Version: 4.0.3-12.3
Severity: important
Tags: upstream security patch fixed-upstream
Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2715

Hi,

the following vulnerability was published for tiff.

CVE-2017-11335[0]:
| There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF
| 4.0.8 via a PlanarConfig=Contig image, which causes a more than one
| hundred bytes out-of-bounds write (related to the ZIPDecode function in
| tif_zip.c). A crafted input may lead to a remote denial of service
| attack or an arbitrary code execution attack.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11335
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
[1] http://bugzilla.maptools.org/show_bug.cgi?id=2715
[2] https://github.com/vadz/libtiff/commit/69bfeec247899776b1b396651adb47436e5f1556

Regards,
Salvatore

Message #10 received at 868513-close@bugs.debian.org (full text, mbox, reply):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>

To: 868513-close@bugs.debian.org

Subject: Bug#868513: fixed in tiff 4.0.8-4

Date: Sun, 16 Jul 2017 11:49:57 +0000

Source: tiff
Source-Version: 4.0.8-4

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 868513@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 16 Jul 2017 11:07:56 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.8-4
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 868513
Changes:
 tiff (4.0.8-4) unstable; urgency=high
 .
   * Fix regression in the decoding of old-style LZW compressed files.
   * Fix CVE-2017-11335: heap based buffer write overflow in tiff2pdf
     (closes: #868513).
Checksums-Sha1:
 61fd4d4391a9814dc23604809ce3bbba4ed4b42b 2157 tiff_4.0.8-4.dsc
 2e744619ef28f8281b32e58521e9e9ed8c92576d 23340 tiff_4.0.8-4.debian.tar.xz
 8f275e61554df1cbedb2093d5873cfc2bb011672 395568 libtiff-doc_4.0.8-4_all.deb
 775850a2b3da5c7664efe0ad1b1381731f4c3418 14156 libtiff-opengl-dbgsym_4.0.8-4_amd64.deb
 a8f417366eff993679cfdb05742b3fa2a266d881 100116 libtiff-opengl_4.0.8-4_amd64.deb
 0efa83f0ae4c84100a8e4edbb4aa8ee5259380a6 351672 libtiff-tools-dbgsym_4.0.8-4_amd64.deb
 e1e4dc7c1eb15cde2ea5e4dc9b09992895d5e8f4 280930 libtiff-tools_4.0.8-4_amd64.deb
 d1fec5b919ca6bf5ac34c84070e1b2afe238edc0 370934 libtiff5-dbgsym_4.0.8-4_amd64.deb
 769d9878265c6e722df9be0e2ae716bc979bde8e 359904 libtiff5-dev_4.0.8-4_amd64.deb
 7fd8a66f2afcead90bfbb73aa3e346228360578f 237216 libtiff5_4.0.8-4_amd64.deb
 ee93122105b537e5e789843110abfd5d8c8083e5 21006 libtiffxx5-dbgsym_4.0.8-4_amd64.deb
 1e6b8297649693ecf3fdf47c8837250f786cea69 95436 libtiffxx5_4.0.8-4_amd64.deb
 fee95eeb0a2694a186105f5ec71b6fe03db54f36 10955 tiff_4.0.8-4_amd64.buildinfo
Checksums-Sha256:
 1bc0d97745d7a9e51c8e068a1914f594439a2d70a8c5e9a53d97b3618a38d1de 2157 tiff_4.0.8-4.dsc
 36c008179ae08d6958cd9fcd75f82c082624bf55e2c4e6ca0e1af59ea4d75d9c 23340 tiff_4.0.8-4.debian.tar.xz
 e93543cd991eddc14e5156560cfa679f35953987638443a6886abab57ae25132 395568 libtiff-doc_4.0.8-4_all.deb
 185a5df7dd15d1bce1df3209ee21e497a31a44473bdd12cadcbf5d21d6ef8e5e 14156 libtiff-opengl-dbgsym_4.0.8-4_amd64.deb
 937148d4787b80ef328d39fb58b8346821a210d5c996239bcc9a7c9f89eefb53 100116 libtiff-opengl_4.0.8-4_amd64.deb
 5af1c48fd20f868d43b6daaa5c69f41e95fe38248399a8ba4cb732e1c6146a79 351672 libtiff-tools-dbgsym_4.0.8-4_amd64.deb
 67985b39714f03787ab46f8f4d749c2f5bd0ce5ecfa051a0eaee4729c077d78e 280930 libtiff-tools_4.0.8-4_amd64.deb
 ce4be3ea9728218c8aa4d449fb8039f98e0a86b0a78070a57db503c02847711a 370934 libtiff5-dbgsym_4.0.8-4_amd64.deb
 0ffcc335d837722e3bb45b01f567a08b0d18b8ddedac2a867a82530133cb4946 359904 libtiff5-dev_4.0.8-4_amd64.deb
 de9b16287dc089f046c5cf689294a59a0f06db8aadd5595e0fbab81ad47f3294 237216 libtiff5_4.0.8-4_amd64.deb
 02ed48dac844bbd86619b0a08be2679696164941a256c560a10143530442bbac 21006 libtiffxx5-dbgsym_4.0.8-4_amd64.deb
 e75a64bc1f5436bef7854060e58cb4205e2002bf67c547bb4907ddfb896d4d1d 95436 libtiffxx5_4.0.8-4_amd64.deb
 18d84a483cf43d0bfba890cf7f37c61336ba1233a7297d5a22c2f190ac5decff 10955 tiff_4.0.8-4_amd64.buildinfo
Files:
 8ceea2faba9143d0e55ee7bf3583f9e6 2157 libs optional tiff_4.0.8-4.dsc
 f02e4805c27673064c762c5a43148c40 23340 libs optional tiff_4.0.8-4.debian.tar.xz
 4f9054a6d1810283af1b7368fb645a81 395568 doc optional libtiff-doc_4.0.8-4_all.deb
 7d3ec5c5d8903535e376b7403f778719 14156 debug extra libtiff-opengl-dbgsym_4.0.8-4_amd64.deb
 8ec26d395871289c58ddf6ec3a736ca6 100116 graphics optional libtiff-opengl_4.0.8-4_amd64.deb
 3a3e5f3b6aea02545926bcf94050c47c 351672 debug extra libtiff-tools-dbgsym_4.0.8-4_amd64.deb
 699aa03928b002302008cd7e89a4e5f3 280930 graphics optional libtiff-tools_4.0.8-4_amd64.deb
 74ff1440c2d353dc1b7318f232dbc9ba 370934 debug extra libtiff5-dbgsym_4.0.8-4_amd64.deb
 00dba6bf85c2bb7e50974adb434ac7cb 359904 libdevel optional libtiff5-dev_4.0.8-4_amd64.deb
 b5ad387ccd850e909ae5dee5c699a8c3 237216 libs optional libtiff5_4.0.8-4_amd64.deb
 c7a3ddb38994e9f22917969d42600cb9 21006 debug extra libtiffxx5-dbgsym_4.0.8-4_amd64.deb
 52b9ec0f0d051e9e64473c23c3d7c840 95436 libs optional libtiffxx5_4.0.8-4_amd64.deb
 99692e3f695e2fd25ba3668ef5ac55e9 10955 libs optional tiff_4.0.8-4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAllrTegACgkQ3OMQ54ZM
yL/DJw//eBl/EZ/CkdloZwMBh03+itw0buJd8E/h4uBFzYvdOTDZdiH6dyt763hf
a8gzWUAe+N1Qqh4PHDTXRd9zcFlBS5EHakRpxsRM1z3a27v2KbJ116IxbCOqYtgt
Lp0FGjNqbY0oK/qHMdx7wAtuA+sVJE7f0t/Rf6ustgkjcQmJxdT5uWXOJ9xEu+wz
wuZsg/s7ncT0mFg466qRKh9OtrfxLOy7jq1vZ/jO/nCyatAdk0xFmdXI1biDkXFf
ISJhCCGyYi50CSq7rvvehAI4WsQQIlrbOx41/bngQyemKG4ANP/S8JNjVfOedbnf
Zdnaa8yR2o/tO0BcqED+4o9R6V/7d1pQdi2/GrYouzxVxYEQq8mAFkssu1E2CSfF
H++lI+a4wFvmjrZKj9jPCiY0WR7P2h+rYFPcUiojMCr5p6db7oHi0F0PCKXPqJeL
sFOJ/i8sKUmPk6pp7PcRbBmJCTvwX1S8pAMAytId4nQUjeaGpNiUuB2h7CRuvQer
53c9WYsQZCuZhHtbn3UFt7+T3gjBPLJap5lgvSt7XSTeNejOUQfuPTPQPYMVr3v3
CpLtf29bPXFUWS+NsCOHXzH/wnn7d3Ix9CCDmn4va8r2OHxUs/EaFP78rAvKHPxd
ysSvP8/DKPhGLX5ClRYpIs48fv192W/9jI6ccRmbWbkmqLx5+0Q=
=mNR7
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.