tiff: CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool

Debian Bug report logs - #820364
tiff: CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: tiff: CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool

Date: Thu, 07 Apr 2016 20:49:03 +0200

Source: tiff
Version: 4.0.2-6
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for tiff.

CVE-2016-3621[0]:
Out-of-bounds Read in the bmp2tiff tool

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-3621

Regards,
Salvatore

Message #10 received at 820364-close@bugs.debian.org (full text, mbox, reply):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>

To: 820364-close@bugs.debian.org

Subject: Bug#820364: fixed in tiff 4.0.6-3

Date: Mon, 31 Oct 2016 18:37:29 +0000

Source: tiff
Source-Version: 4.0.6-3

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 820364@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 31 Oct 2016 15:56:56 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.6-3
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 806118 820363 820364 820366 827484 842046 842361
Changes:
 tiff (4.0.6-3) unstable; urgency=high
 .
   * Fix architecture independent only build (closes: #806118).
   * Fix CVE-2015-8668 , CVE-2016-3619 , CVE-2016-3620 (closes: #820363),
     CVE-2016-3621 (closes: #820364) and CVE-2016-5319 with removing bmp2tiff
     (closes: #820364).
   * Fix CVE-2016-3186 and CVE-2016-5102 with removing gif2tiff.
   * Fix CVE-2016-3631 (closes: #820366), CVE-2016-3632 , CVE-2016-3633 ,
     CVE-2016-3634 and CVE-2016-8331 with removing thumbnail.
   * Backport upstream fix for CVE-2016-3623 and CVE-2016-3624 .
   * Backport upstream fix for CVE-2016-5652 (closes: #842361).
   * Backport upstream fix for CVE-2016-3658 .
   * Removed vulnerable, unsupported tools (closes: #827484, #842046).
   * Comment out Vcs fields for now.
Checksums-Sha1:
 6ac594135986bfc8582960ef5363a2f3d5d0da4b 2125 tiff_4.0.6-3.dsc
 41442e7e0e7e52f26c5904e702f1a42d44a0eb16 22272 tiff_4.0.6-3.debian.tar.xz
 d031abfb56b856d7bd9ac513221c9d37eeaa2288 379998 libtiff-doc_4.0.6-3_all.deb
 2c61e0190c481b57697416ff71712138e452b1a8 14168 libtiff-opengl-dbgsym_4.0.6-3_amd64.deb
 afe9b2261a4a63339a3d2d1196856a32b5e3fa86 89684 libtiff-opengl_4.0.6-3_amd64.deb
 8478d69d2b25bb22d665c7132e64103d5902bd1e 368220 libtiff-tools-dbgsym_4.0.6-3_amd64.deb
 35e9ab5ca68612e7b0aafcc972fa1f41dc264931 280586 libtiff-tools_4.0.6-3_amd64.deb
 243b949e5d090c4d48c496d5b5a44bd449e3681a 364606 libtiff5-dbgsym_4.0.6-3_amd64.deb
 499919b774164c43ba1601e1c69de320f13ed900 345336 libtiff5-dev_4.0.6-3_amd64.deb
 72c0e6fa1eac961744647882a03c8c4099ad51bd 223642 libtiff5_4.0.6-3_amd64.deb
 03440cd5d36aa2a9b86c8c69550d63c517745c29 21030 libtiffxx5-dbgsym_4.0.6-3_amd64.deb
 6976a5c87b56b90f0b67a9cdf58e10062b515812 85006 libtiffxx5_4.0.6-3_amd64.deb
Checksums-Sha256:
 4630f34a2f56a90eff104bf01dcb843f21683f883eb4135f52782af111deaae2 2125 tiff_4.0.6-3.dsc
 cc650116c1dafed9c3721302f91e5e79b670f46712ebf2b86dea989c102e5c94 22272 tiff_4.0.6-3.debian.tar.xz
 fa0889b7e6f5fedbb2d7bdf3b690554626b7df127ef87d80854d8cc0f4fb8c6b 379998 libtiff-doc_4.0.6-3_all.deb
 f173c0b0b733e677318361754d4b780886fe736924ff7c3c4b6663c834087f60 14168 libtiff-opengl-dbgsym_4.0.6-3_amd64.deb
 3f00e3ec6e6380aa3b844b9ca00436cb53980653f615ec52208e9fced6cd66f8 89684 libtiff-opengl_4.0.6-3_amd64.deb
 9ed11b5e9e6cfe306b5d2ebbe4f7ec8e02b687a021cd7f6a201c1c11303fdbed 368220 libtiff-tools-dbgsym_4.0.6-3_amd64.deb
 8fa576acbeed1684b40ae5df2e01f9a9dac441047ff31ee6c36d7cc0c81038d9 280586 libtiff-tools_4.0.6-3_amd64.deb
 2f4b68d804b6bead2e75b57080f34f0b434603259078e93071eecc1b723e1c5d 364606 libtiff5-dbgsym_4.0.6-3_amd64.deb
 a7a9d4a12f3f7ecc3046f547e355cb603188f6fda01c1004f95e8fe73d6f36bf 345336 libtiff5-dev_4.0.6-3_amd64.deb
 aa9a7cb3a97a2d905ce64c70bbfca5be786f748626201ab63080d8c4b65b90b9 223642 libtiff5_4.0.6-3_amd64.deb
 a494a6d7a6839a26de4aa8b8bf9bc77f1d7fff0ec40d949f8418682c827e9812 21030 libtiffxx5-dbgsym_4.0.6-3_amd64.deb
 abc0ebebf8cc9a6d435d7de2a9727ef88f22e372c5913cccf1e269375d25e246 85006 libtiffxx5_4.0.6-3_amd64.deb
Files:
 0a8a138bc6008f744876b7a5c8691b16 2125 libs optional tiff_4.0.6-3.dsc
 fcb21a8a386503cbd362af98c60365e0 22272 libs optional tiff_4.0.6-3.debian.tar.xz
 8eaa2492b836296d796fc390be952965 379998 doc optional libtiff-doc_4.0.6-3_all.deb
 32d324c30e02c212d77dc6c14ef288b1 14168 debug extra libtiff-opengl-dbgsym_4.0.6-3_amd64.deb
 e256eed1e6dea1bc8438b3eb489b6662 89684 graphics optional libtiff-opengl_4.0.6-3_amd64.deb
 b14d2a5183f86e062e8a5d254ce806e7 368220 debug extra libtiff-tools-dbgsym_4.0.6-3_amd64.deb
 4a0480d8fbdb951930ff019de29ad4ca 280586 graphics optional libtiff-tools_4.0.6-3_amd64.deb
 0ed4f33d0e2cffd10823177fe026708a 364606 debug extra libtiff5-dbgsym_4.0.6-3_amd64.deb
 5eb7d7aaf9ac58b01da3c4afe1dc580d 345336 libdevel optional libtiff5-dev_4.0.6-3_amd64.deb
 9258ce56617e521e2da40302f198d1f4 223642 libs optional libtiff5_4.0.6-3_amd64.deb
 543149b9327c224d748e0bc8644c45f7 21030 debug extra libtiffxx5-dbgsym_4.0.6-3_amd64.deb
 50c3e8d4ae3341d410a7de912aac1a4a 85006 libs optional libtiffxx5_4.0.6-3_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYF4kNAAoJENzjEOeGTMi/0Y0P/1pEjOoOUGV5YcZaPvQEH8Rf
nyvWN6t0ScPsPX4QF+8pHa1dI562Hw0M89Xpxv2zyB6XosejtdNLXppTt70MnYw6
P/2/tiHh/S/OWTfsVNEmIDy4X02JOziYc3JenczXDZx3UX8UYxybFXLO0M/Fcceh
0uFNIbk7Z+3UeODC7r/zks2B3L8mVQki7y3Iol7ePxRJseQlKmg0SCfWhCH07cn3
H00a5Na4shIvGbOl597RL8gmuZ6aeYlMyjB0xpIvUg34POoL3nhc2K53qNKjpV2s
WP8kHk5QU3aEv6qj1oxHdFqUhCxd0E48W8xFmED02zg/0eP3y5iMPD/d9yWwsHF/
ZPuheE4LwPSy33KNFg5q4E08UhvYDrqWrgJEBl11FrPCPS4AHBPjI8AO1xJyNsjD
EeFJpLUPQ1bPu/K8i6cQk9Eh4jPq/Sz2fWX0J8eqpap/vFp2E5Q8gJIfVhHM9J8S
js5MTlTJh0S1sxhbsW93ZcluVs6Hom9wp1p/XnTvYuy0/sm6UcN66ez1N+Acqmfe
Cupwd01THiR9RR9GDgI440lD9WA6WUXhN47oZMjnqoPCLXzIzLT2rfMX8v5Sn2AM
55ybTa1WhR0ToNb0rlCa9RJf5Zzf/3m9XOenUOO/yCY2tKfTce0EblrUIbp+xiXF
AuqM8VzIbk5XDIALDMZ7
=+Sd1
-----END PGP SIGNATURE-----

Message #19 received at 820364-close@bugs.debian.org (full text, mbox, reply):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>

To: 820364-close@bugs.debian.org

Subject: Bug#820364: fixed in tiff 4.0.3-12.3+deb8u2

Date: Sun, 15 Jan 2017 23:02:56 +0000

Source: tiff
Source-Version: 4.0.3-12.3+deb8u2

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 820364@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 21 Nov 2016 21:32:06 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-12.3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 819972 820362 820363 820364 820365 820366 830700 836570 842046 842270 842361 844013 844057 844226
Changes:
 tiff (4.0.3-12.3+deb8u2) jessie-security; urgency=high
 .
   * Backport fix for the following vulnerabilities:
     - CVE-2016-5314 , CVE-2016-5315 , CVE-2016-5316, CVE-2016-5317: several
       out of bound writes in the rgb2ycbcr tool (closes: #830700),
     - CVE-2016-5320, rgb2ycbcr: command excution,
     - CVE-2016-5875, heap-based buffer overflow when using the PixarLog
       compression format,
     - CVE-2016-6223, information leak in libtiff/tif_read.c (closes: #842270),
     - CVE-2016-5321: DumpModeDecode() DoS,
     - CVE-2016-5323: _TIFFFax3fillruns() NULL pointer dereference,
     - CVE-2016-3945: out-of-bounds write in the tiff2rgba tool,
     - CVE-2016-3990: out-of-bounds write in horizontalDifference8() in tiffcp
       tool (closes: #836570),
     - CVE-2016-3991: heap-based buffer overflow in the loadImage function in
       the tiffcrop tool,
     - CVE-2016-5322: extractContigSamplesBytes: out-of-bounds read in the
       tiffcrop tool,
     - CVE-2016-3623: rgb2ycbcr tool DoS by setting the (1) '-v' or (2) '-h'
       parameter to 0 ,
     - CVE-2016-9533: PixarLog horizontalDifference heap-buffer-overflow,
     - CVE-2016-9534: TIFFFlushData1 heap-buffer-overflow,
     - CVE-2016-9535: Predictor heap-buffer-overflow,
     - CVE-2016-9536: t2p_process_jpeg_strip heap-buffer-overflow,
     - CVE-2016-9537: out-of-bounds write vulnerabilities in buffers of
       tiffcrop,
     - CVE-2016-9538: read of undefined buffer in readContigStripsIntoBuffer()
       due to uint16 overflow,
     - CVE-2016-9540: out-of-bounds write on tiled images,
     - CVE-2016-3624: rgb2ycbcr tool DoS by setting the '-v' option to -1 ,
     - CVE-2016-3622: divide-by-zero error in the tiff2rgba tool
       (closes: #820365),
     - CVE-2016-5652: fix write buffer overflow of 2 bytes on JPEG compressed
       images (closes: #842361),
     - CVE-2016-9453: out-of-bounds write memcpy in tiff2pdf tool,
     - CVE-2016-9273: read outsize of array in tiffsplit tool
       (closes: #844013),
     - CVE-2016-9532: heap buffer overflow via writeBufferToSeparateStrips in
       the tiffcrop tool (closes: #844057),
     - CVE-2016-9297: potential read outside buffer in _TIFFPrintField()
       (closes: #844226),
     - CVE-2016-9448: invalid read of size 1 in TIFFFetchNormalTag, regression
       of CVE-2016-9297 ,
     - CVE-2016-10092: heap-buffer-overflow in tiffcrop,
     - CVE-2016-10093: uint32 underflow/overflow that can cause heap-based
       buffer overflow in tiffcp,
     - CVE-2016-10094: off-by-one error in tiff2pdf.
   * Fix CVE-2015-8668 (closes: #842046), CVE-2016-3619 (closes: #820362),
     CVE-2016-3620 (closes: #820363), CVE-2016-3621 (closes: #820364) and
     CVE-2016-5319 with removing bmp2tiff.
   * Fix CVE-2016-3186 (closes: #819972) and CVE-2016-5102 with removing
     gif2tiff.
   * Fix CVE-2016-3631 (closes: #820366), CVE-2016-3632 , CVE-2016-3633 ,
     CVE-2016-3634 and CVE-2016-8331 with removing thumbnail.
   * Remove no longer supported ras2tiff tool.
Checksums-Sha1:
 4052058e8fd2efd8b544d1b4e35fea6b6defd0cf 2240 tiff_4.0.3-12.3+deb8u2.dsc
 db2da0c828ce0a15737416cb9cb7643f02e92616 43512 tiff_4.0.3-12.3+deb8u2.debian.tar.xz
 0f55b35ee2815838d80d5aa5b7f82f56c15d854b 367184 libtiff-doc_4.0.3-12.3+deb8u2_all.deb
 5a1829166804a852ee42c0e408d611601a346628 215942 libtiff5_4.0.3-12.3+deb8u2_amd64.deb
 b92399d76710777d1a3451a9f61631096b9a056b 77704 libtiffxx5_4.0.3-12.3+deb8u2_amd64.deb
 16b7f8455de19d1bdd3bc5d875789dc490ab9d2e 337848 libtiff5-dev_4.0.3-12.3+deb8u2_amd64.deb
 7f37a7d6a07f06141e894001e8f003714b16b1d8 271252 libtiff-tools_4.0.3-12.3+deb8u2_amd64.deb
 54efbc23cbbfa0bd7fccc99a9081d6d3f6e16689 82632 libtiff-opengl_4.0.3-12.3+deb8u2_amd64.deb
Checksums-Sha256:
 6a2dd52c52bccdc8404be32a55c2e26fa0077736a5d8e3644123e6155866ac45 2240 tiff_4.0.3-12.3+deb8u2.dsc
 0f5eb5da8fd6c9b334db2cb715e9c747e1173e5f9288daeb2036108f9cfefb90 43512 tiff_4.0.3-12.3+deb8u2.debian.tar.xz
 07721f9c8f003409a7a9d5624322965b40c12086efa08357633de75bbdbd696f 367184 libtiff-doc_4.0.3-12.3+deb8u2_all.deb
 82cbbffc6b090e3d3e09fa7fb37bf769666cba2bbf491501a432b9fb2599e509 215942 libtiff5_4.0.3-12.3+deb8u2_amd64.deb
 8cb55ed976a3c3b666fb0b7c592342f7e8b922b9a6d8b3a16553c55c36524032 77704 libtiffxx5_4.0.3-12.3+deb8u2_amd64.deb
 9f1cbe3f873941297d0ea6d2c895f3e55438c217a66116ad24aefad6c509c6fd 337848 libtiff5-dev_4.0.3-12.3+deb8u2_amd64.deb
 e10dd63cf1f220c10bfad4c7d056e4e66477516450d97a97c812e8652b0391c9 271252 libtiff-tools_4.0.3-12.3+deb8u2_amd64.deb
 d34db3e2fe021b48da1e59a8dfc17fc64aaddeaae8d143e9357957de4d565542 82632 libtiff-opengl_4.0.3-12.3+deb8u2_amd64.deb
Files:
 3a9ad683bac10d3fb3684776b8c52069 2240 libs optional tiff_4.0.3-12.3+deb8u2.dsc
 dc4dc19c4eee7afe95855f46437f8b4b 43512 libs optional tiff_4.0.3-12.3+deb8u2.debian.tar.xz
 a3014e24d81a15273b26d2f075a92c86 367184 doc optional libtiff-doc_4.0.3-12.3+deb8u2_all.deb
 d2bf6666f4c5bcdf348ff9b253b9440f 215942 libs optional libtiff5_4.0.3-12.3+deb8u2_amd64.deb
 eaf0a311b4be823f9bc55f07e8d66094 77704 libs optional libtiffxx5_4.0.3-12.3+deb8u2_amd64.deb
 3ef5f421142ec36ad2ac0e1396c22792 337848 libdevel optional libtiff5-dev_4.0.3-12.3+deb8u2_amd64.deb
 734952555b4a3d4a342c345cd8b44f04 271252 graphics optional libtiff-tools_4.0.3-12.3+deb8u2_amd64.deb
 7314ac1e3d277e4b1b46e914ed13dee4 82632 graphics optional libtiff-opengl_4.0.3-12.3+deb8u2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlh4+CIACgkQEMKTtsN8
TjY+3A//YsfuShAmJbxrQ+XCz4YrYgOMc69eYbZ4dpWxgb0VAg0BLoKNan/tFLRa
ehIEczIKr8c2TRIeEnUwP97iKCQ9hzbxtksHc4hCJ3Yj/u4jmOc+FcYyUT2zfBHr
dZwNUBY3J8id9ZEW+9KyA6UXpSpbMTRwORnOv+IcBlamQmKI/WF/2JfpzJ3LW9BJ
+YZO+SINWASEcvJdX7rA3LM+wMuu/KuYos18l4qq+U6sAClpa1WmhgYr1Wb60SvU
kyWUafll67voyfq9hYLupZczXgutjVt+vwJ8UUwpnPM0Z7MKIhAebaAx97iwCGxU
3NmszdWELss0fjDUzrXEbnvBe2ovhIU2vRVnju28T0YahvE/PO8rLbPwr8ZWDqRh
ebNHqeiGu1Jn6ZYlUiBCp6IH6Y0cMaXMASfgeW5t16PRy8vasIGWsxFg7mJfNHu8
0ZkLchJcHKX9I4pAVZXKswQ7c+sPgWRItrMFHqcYQcpD6+wvo93iHM3clF65iy3q
1OaAmigv8I3PpibEFNR8EiErDiXNvvNwv+Y54cjrRbJ+BdsdaUZU3WXofBCuEa1P
IcvAkdlRV4ZPhFLtKzW+o3NmRUsHmmldlDBdHMZsDMiuWKI3weNjH1vuVQCswC64
8C6QXtcbphG9CM/58nejWD2vFGqQdThaJv5vcMXj5S2hBIgMglI=
=ZVkd
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.