Bugzilla – Bug 974841
VUL-1: CVE-2016-3633: tiff: Illegal read occurs in _setrow function in thumbnail
Last modified: 2019-04-25 14:42:43 UTC
Details
=======
Product: libtiff
Affected Versions: <= 4.0.6
Vulnerability Type: Illegal read
Vendor URL: http://www.libtiff.org/
CVE ID: CVE-2016-3633
Credit: Kaixiang Zhang of the Cloud Security Team, Qihoo 360

Introduction

Illegal read occurs in the _setrow function in thumbnail.c when using the thumbnail command, which allows attackers to exploit this issue to cause denial-of-service.

/libtiff/tools/thumbnail.c:525

    523         for (y = 0; y < nrows; y++) {
    524             const uint8* src = rows[y] + off;
    525             acc += bits[*src++ & mask0];

    gdb --args thumbnail setrow.tif tmpout.tif
    ...
    Program received signal SIGSEGV, Segmentation fault.
    0x08049de5 in setrow (row=0x8061d00 "", nrows=256, rows=0xbfffeba0) at thumbnail.c:525
    525             acc += bits[*src++ & mask0];
    (gdb) bt
    #0  0x08049de5 in setrow (row=0x8061d00 "", nrows=256, rows=0xbfffeba0) at thumbnail.c:525
    #1  0x0804a07a in setImage1 (br=0x804d9b8 "\377", rw=5242880, rh=5242880) at thumbnail.c:581
    #2  0x0804a121 in setImage (br=0x804d9b8 "\377", rw=5242880, rh=5242880) at thumbnail.c:591
    #3  0x0804a2db in generateThumbnail (in=0x804d530, out=0x804d008) at thumbnail.c:633
    #4  0x08048f5f in main (argc=3, argv=0xbffff134) at thumbnail.c:122
    (gdb) p *src
    Cannot access memory at address 0x8204988

References:
http://www.openwall.com/lists/oss-security/2016/04/08/11
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3633
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3633.html
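The read pattern from lines 523-525 with a bounds check in front of it, as an added illustration that is not part of the original report and is not libtiff's code. The names sum_column_checked, row_len, init_bits and demo, the popcount contents of the table and the sample rows are assumptions of this example, and only the first read on line 525 is modelled.

```c
#include <stddef.h>
#include <stdint.h>
/* Stand-in for `bits` (line 525); popcount contents are an assumption. */
static uint8_t bits[256];

static void init_bits(void)
{
    for (unsigned v = 0; v < 256; v++) {
        unsigned n = 0;
        for (unsigned b = v; b != 0; b >>= 1)
            n += b & 1u;
        bits[v] = (uint8_t)n;
    }
}

/* Hypothetical checked form of the loop at thumbnail.c:523-525.
 * row_len (bytes readable in each rows[y]) is a parameter added here.
 * Returns 0 with the sum in *acc_out, or -1 if off is out of range. */
static int sum_column_checked(const uint8_t *const rows[], uint32_t nrows,
                              size_t row_len, size_t off, uint8_t mask0,
                              uint32_t *acc_out)
{
    uint32_t acc = 0;
    if (rows == NULL || acc_out == NULL || off >= row_len)
        return -1;      /* rows[y] + off would point past the row */
    for (uint32_t y = 0; y < nrows; y++) {
        if (rows[y] == NULL)
            return -1;
        acc += bits[rows[y][off] & mask0];
    }
    *acc_out = acc;
    return 0;
}

/* Constructed input: three 4-byte rows, read at column `off`. */
static int demo(size_t off, uint32_t *acc_out)
{
    static const uint8_t d[3][4] = {{0x00, 0xFF, 0x0F, 0x01},
                                    {0x00, 0xFF, 0xF0, 0x03},
                                    {0x00, 0xFF, 0x81, 0x07}};
    const uint8_t *const rows[3] = {d[0], d[1], d[2]};
    init_bits();
    return sum_column_checked(rows, 3, sizeof d[0], off, 0xFF, acc_out);
}

int main(void)
{
    uint32_t acc = 0;
    return (demo(2, &acc) == 0 && acc == 10) ? 0 : 1;
}
```

An offset the size of the rw value in the backtrace is rejected before any row is dereferenced, instead of faulting on the read.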
bugbot adjusting priority
http://bugzilla.maptools.org/show_bug.cgi?id=2548#c1

The thumbnail utility is no longer installed by the libtiff package (as will appear in 4.0.7). It now only exists for internal testing.
Created attachment 703718
setrow_cve_20163633.tif

I've got the original reproducer from the reporter.
The thumbnail tool is not part of tiff anymore. It will not be present in major future SLE releases. Closing bug as WONTFIX.