964213 – (CVE-2015-8781) VUL-1: CVE-2015-8781: tiff: out-of-bounds writes for invalid images

Bug 964213 (CVE-2015-8781) - VUL-1: CVE-2015-8781: tiff: out-of-bounds writes for invalid images

Summary: VUL-1: CVE-2015-8781: tiff: out-of-bounds writes for invalid images

Status:	RESOLVED DUPLICATE of bug 964225

Alias:	CVE-2015-8781

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Fridrich Strba
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/161258/
Whiteboard:	CVSSv2:SUSE:CVE-2015-8782:4.3:(AV:N/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-01-29 16:21 UTC by Johannes Segitz
Modified:	2018-09-14 13:21 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2016-01-29 16:21:50 UTC

rh#1301649

A flaw was discovered in a way libtiff decodes special data. A potential out-of-bounds write could occur for specifically crafted images.

Fix: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1301649
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8783
http://seclists.org/oss-sec/2016/q1/190
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8783.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8783
http://bugzilla.maptools.org/show_bug.cgi?id=2522

Comment 1 Johannes Segitz 2016-01-29 16:41:18 UTC

CVSS scoring mess with SMASH, well just do it in one bug and ignore the CVSS scores

*** This bug has been marked as a duplicate of bug 964225 ***