tiff: CVE-2016-10095: stack-based buffer overflow in _TIFFVGetField (tif_dir.c)

Related Vulnerabilities: CVE-2016-10095, CVE-2017-9147

Debian Bug report logs - #850316

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 5 Jan 2017 20:36:09 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version tiff/4.0.7-3

Fixed in version tiff/4.0.8-2

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugzilla.maptools.org/show_bug.cgi?id=2625



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#850316; Package src:tiff. (Thu, 05 Jan 2017 20:36:11 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Thu, 05 Jan 2017 20:36:11 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tiff: CVE-2016-10095: stack-based buffer overflow in _TIFFVGetField (tif_dir.c)
Date: Thu, 05 Jan 2017 21:33:55 +0100
Source: tiff
Version: 4.0.7-3
Severity: important
Tags: security upstream
Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2625

Hi,

the following vulnerability was published for tiff.

CVE-2016-10095[0]:
stack-based buffer overflow in _TIFFVGetField (tif_dir.c)

No patch is available upstream TTBOMK so far. The issue can be
verified by an ASAN build of tiff, using the reproducer file with
tiffsplit.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10095
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10095
[1] http://bugzilla.maptools.org/show_bug.cgi?id=2625

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 01 Jun 2017 17:39:17 GMT)


Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Thu, 01 Jun 2017 22:09:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 01 Jun 2017 22:09:05 GMT)


Message #12 received at 850316-close@bugs.debian.org:

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 850316-close@bugs.debian.org
Subject: Bug#850316: fixed in tiff 4.0.8-2
Date: Thu, 01 Jun 2017 22:05:39 +0000
Source: tiff
Source-Version: 4.0.8-2

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 850316@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Thu, 01 Jun 2017 17:56:08 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.8-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 850316 863185
Changes:
 tiff (4.0.8-2) unstable; urgency=high
 .
   * Backport security fixes:
     - TIFFYCbCrToRGBInit(): stricter clamping to avoid int32 overflow in
       TIFFYCbCrtoRGB(),
     - initYCbCrConversion(): stricter validation for refBlackWhite
       coefficients values - to avoid invalid float->int32 conversion,
     - CVE-2016-10095 and CVE-2017-9147: add _TIFFCheckFieldIsValidForCodec()
       and use it in TIFFReadDirectory() (closes: #850316, #863185).
   * Add required _TIFFCheckFieldIsValidForCodec@LIBTIFF_4.0 symbol to the
     libtiff5 package.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jul 2017 07:25:57 GMT)
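
The 4.0.8-2 changelog above names the fix (_TIFFCheckFieldIsValidForCodec(), used in TIFFReadDirectory()) but this log does not show it. The following is an added illustration, not libtiff's code and not part of the bug log: a minimal model of such a check, assuming it ties codec-specific tags to the directory's compression scheme and that the directory reader skips entries that fail it. All function and type names are hypothetical, and the tag-to-codec table is a small subset using tag numbers from the TIFF specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Tag and compression numbers as assigned in the TIFF specification. */
enum { TAG_IMAGEWIDTH = 256, TAG_GROUP3OPTIONS = 292, TAG_GROUP4OPTIONS = 293,
       TAG_PREDICTOR = 317, TAG_JPEGTABLES = 347 };
enum { COMP_NONE = 1, COMP_CCITTFAX3 = 3, COMP_CCITTFAX4 = 4, COMP_LZW = 5,
       COMP_JPEG = 7, COMP_ADOBE_DEFLATE = 8 };

/* Hypothetical directory entry; only the tag number matters for this check. */
struct dir_entry { uint16_t tag; };

/* Return 1 if `tag` may appear in a directory using `compression`.
 * Tags that no codec owns are always allowed. */
static int field_valid_for_codec(uint16_t compression, uint16_t tag)
{
    switch (tag) {
    case TAG_PREDICTOR:
        return compression == COMP_LZW || compression == COMP_ADOBE_DEFLATE;
    case TAG_JPEGTABLES:
        return compression == COMP_JPEG;
    case TAG_GROUP3OPTIONS:
        return compression == COMP_CCITTFAX3;
    case TAG_GROUP4OPTIONS:
        return compression == COMP_CCITTFAX4;
    default:
        return 1;
    }
}

/* Model of a directory reader applying the check (assumed behaviour): entries
 * whose tag does not belong to the active codec are skipped, so no field
 * getter ever interprets them for the wrong codec. `kept` needs room for n. */
static size_t filter_directory(uint16_t compression, const struct dir_entry *in,
                               size_t n, struct dir_entry *kept)
{
    size_t out = 0;
    for (size_t i = 0; i < n; i++)
        if (field_valid_for_codec(compression, in[i].tag))
            kept[out++] = in[i];
    return out;
}

int main(void)
{
    /* Constructed sample: an uncompressed directory carrying codec-only tags. */
    const struct dir_entry dir[] = { {TAG_IMAGEWIDTH}, {TAG_PREDICTOR}, {TAG_JPEGTABLES} };
    struct dir_entry kept[3];
    printf("kept %zu of 3 entries\n", filter_directory(COMP_NONE, dir, 3, kept));
    return 0;
}
```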




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:57:45 2019; Machine Name: beach
