[manjaro-security] [arch-security] [ASA-201707-18] lib32-libtiff: arbitrary code execution

Tue Jul 18 18:05:24 CEST 2017

Arch Linux Security Advisory ASA-201707-18
==========================================

Severity: Critical
Date    : 2017-07-18
CVE-ID  : CVE-2015-7554 CVE-2016-10095
Package : lib32-libtiff
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-87

Summary
=======

The package lib32-libtiff before version 4.0.8-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 4.0.8-1.

# pacman -Syu "lib32-libtiff>=4.0.8-1"

The problems have been fixed upstream in version 4.0.8.

Workaround
==========

None.

Description
===========

- CVE-2015-7554 (arbitrary code execution)

An Invalid memory write flaw was found in libtiff in the way it parsed
certain extension tags when reading TIFF format files. An attacker
could use this flaw to crash or even execute arbitrary code with the
permission of the user running such an application compiled against
libtiff.

- CVE-2016-10095 (arbitrary code execution)

A stack-based buffer overflow vulnerability was found in libtiff, in
the _TIFFVGetField function in tif_dir.c, when running tiffslpit on
crafted tiff file.

Impact
======

A remote attacker can execute arbitrary code on the affected host via a
crafted TIFF file.

References
==========

https://bugs.archlinux.org/task/54842
http://seclists.org/oss-sec/2015/q4/590
http://bugzilla.maptools.org/show_bug.cgi?id=2564
http://seclists.org/oss-sec/2017/q1/10
https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/
https://security.archlinux.org/CVE-2015-7554
https://security.archlinux.org/CVE-2016-10095

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20170718/7aa20e75/attachment.sig>