1156749 – (CVE-2015-8665) VUL-1: CVE-2015-8665: tiff: Out-of-bounds read in tif_getimage.c

Bug 1156749 (CVE-2015-8665) - VUL-1: CVE-2015-8665: tiff: Out-of-bounds read in tif_getimage.c

Summary: VUL-1: CVE-2015-8665: tiff: Out-of-bounds read in tif_getimage.c

Status:	RESOLVED FIXED

Alias:	CVE-2015-8665

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/160112/
Whiteboard:	CVSSv3.1:SUSE:CVE-2015-8665:3.3:(AV:L...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2019-11-14 09:51 UTC by Wolfgang Frisch
Modified:	2024-07-04 07:18 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
tiff-3.x-CVE-2015-8665_8683.patch (3.75 KB, patch) 2019-11-14 10:35 UTC, Wolfgang Frisch	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wolfgang Frisch 2019-11-14 09:51:55 UTC

CVE-2015-8665

An Out-of-bounds read flaw was found in libtiff. An attacker could create a specially-crafted TIFF file, which could cause libtiff to crash.

Reference:

http://www.openwall.com/lists/oss-security/2015/12/24/4

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1294444
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8665
http://www.openwall.com/lists/oss-security/2015/12/24/2
http://seclists.org/oss-sec/2015/q4/580
http://www.openwall.com/lists/oss-security/2015/12/24/4
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808968
https://access.redhat.com/security/cve/CVE-2015-8665
http://rhn.redhat.com/errata/RHSA-2016-1547.html
http://rhn.redhat.com/errata/RHSA-2016-1546.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8665.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8665
http://www.ubuntu.com/usn/USN-2939-1
http://cve.mitre.org/cve/request_id.html
http://www.securitytracker.com/id/1035508
http://www.securityfocus.com/bid/79728

Comment 3 Wolfgang Frisch 2019-11-14 10:35:34 UTC

Created attachment 824131 [details]
tiff-3.x-CVE-2015-8665_8683.patch

Comment 5 Michael Vetter 2022-02-02 14:11:54 UTC

submitted

Comment 7 Swamp Workflow Management 2022-02-18 14:21:40 UTC

SUSE-SU-2022:14888-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1156749,1156754,1182808,1182809,1182811,1182812
CVE References: CVE-2015-8665,CVE-2015-8683,CVE-2020-35521,CVE-2020-35522,CVE-2020-35523,CVE-2020-35524
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    tiff-3.8.2-141.169.34.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    tiff-3.8.2-141.169.34.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    tiff-3.8.2-141.169.34.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    tiff-3.8.2-141.169.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Wolfgang Frisch 2024-07-04 07:18:13 UTC

Resolved