tiff: CVE-2016-3619: Memory corruption in DumpModeEncode triggered by crafted bmp file

Debian Bug report logs - #820362

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 7 Apr 2016 18:51:02 UTC

Severity: important

Tags: security, upstream

Found in version tiff/4.0.2-6

Fixed in versions tiff/4.0.3-12.3+deb8u2, tiff/4.0.6-3

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ondřej Surý <ondrej@debian.org>:
Bug#820362; Package src:tiff. (Thu, 07 Apr 2016 18:51:06 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ondřej Surý <ondrej@debian.org>. (Thu, 07 Apr 2016 18:51:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tiff: CVE-2016-3619: Memory corruption in DumpModeEncode triggered by crafted bmp file
Date: Thu, 07 Apr 2016 20:47:29 +0200
Source: tiff
Version: 4.0.2-6
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for tiff.

CVE-2016-3619[0]:
Memory corruption in DumpModeEncode triggered by crafted bmp file

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-3619

Regards,
Salvatore



Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Sun, 15 Jan 2017 23:06:05 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 15 Jan 2017 23:06:05 GMT).


Message #10 received at 820362-close@bugs.debian.org:

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 820362-close@bugs.debian.org
Subject: Bug#820362: fixed in tiff 4.0.3-12.3+deb8u2
Date: Sun, 15 Jan 2017 23:02:56 +0000
Source: tiff
Source-Version: 4.0.3-12.3+deb8u2

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 820362@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 21 Nov 2016 21:32:06 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-12.3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 819972 820362 820363 820364 820365 820366 830700 836570 842046 842270 842361 844013 844057 844226
Changes:
 tiff (4.0.3-12.3+deb8u2) jessie-security; urgency=high
 .
   * Backport fix for the following vulnerabilities:
     - CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317: several
       out of bound writes in the rgb2ycbcr tool (closes: #830700),
     - CVE-2016-5320, rgb2ycbcr: command execution,
     - CVE-2016-5875, heap-based buffer overflow when using the PixarLog
       compression format,
     - CVE-2016-6223, information leak in libtiff/tif_read.c (closes: #842270),
     - CVE-2016-5321: DumpModeDecode() DoS,
     - CVE-2016-5323: _TIFFFax3fillruns() NULL pointer dereference,
     - CVE-2016-3945: out-of-bounds write in the tiff2rgba tool,
     - CVE-2016-3990: out-of-bounds write in horizontalDifference8() in tiffcp
       tool (closes: #836570),
     - CVE-2016-3991: heap-based buffer overflow in the loadImage function in
       the tiffcrop tool,
     - CVE-2016-5322: extractContigSamplesBytes: out-of-bounds read in the
       tiffcrop tool,
     - CVE-2016-3623: rgb2ycbcr tool DoS by setting the (1) '-v' or (2) '-h'
       parameter to 0,
     - CVE-2016-9533: PixarLog horizontalDifference heap-buffer-overflow,
     - CVE-2016-9534: TIFFFlushData1 heap-buffer-overflow,
     - CVE-2016-9535: Predictor heap-buffer-overflow,
     - CVE-2016-9536: t2p_process_jpeg_strip heap-buffer-overflow,
     - CVE-2016-9537: out-of-bounds write vulnerabilities in buffers of
       tiffcrop,
     - CVE-2016-9538: read of undefined buffer in readContigStripsIntoBuffer()
       due to uint16 overflow,
     - CVE-2016-9540: out-of-bounds write on tiled images,
     - CVE-2016-3624: rgb2ycbcr tool DoS by setting the '-v' option to -1,
     - CVE-2016-3622: divide-by-zero error in the tiff2rgba tool
       (closes: #820365),
     - CVE-2016-5652: fix write buffer overflow of 2 bytes on JPEG compressed
       images (closes: #842361),
     - CVE-2016-9453: out-of-bounds write memcpy in tiff2pdf tool,
     - CVE-2016-9273: read outside of array in tiffsplit tool
       (closes: #844013),
     - CVE-2016-9532: heap buffer overflow via writeBufferToSeparateStrips in
       the tiffcrop tool (closes: #844057),
     - CVE-2016-9297: potential read outside buffer in _TIFFPrintField()
       (closes: #844226),
     - CVE-2016-9448: invalid read of size 1 in TIFFFetchNormalTag, regression
       of CVE-2016-9297,
     - CVE-2016-10092: heap-buffer-overflow in tiffcrop,
     - CVE-2016-10093: uint32 underflow/overflow that can cause heap-based
       buffer overflow in tiffcp,
     - CVE-2016-10094: off-by-one error in tiff2pdf.
   * Fix CVE-2015-8668 (closes: #842046), CVE-2016-3619 (closes: #820362),
     CVE-2016-3620 (closes: #820363), CVE-2016-3621 (closes: #820364) and
     CVE-2016-5319 with removing bmp2tiff.
   * Fix CVE-2016-3186 (closes: #819972) and CVE-2016-5102 with removing
     gif2tiff.
   * Fix CVE-2016-3631 (closes: #820366), CVE-2016-3632, CVE-2016-3633,
     CVE-2016-3634 and CVE-2016-8331 with removing thumbnail.
   * Remove no longer supported ras2tiff tool.




Marked as fixed in versions tiff/4.0.6-3. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Fri, 29 Sep 2017 02:12:03 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 27 Oct 2017 07:27:41 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 12:58:10 2019; Machine Name: buxtehude
