987351 – (CVE-2016-5875) VUL-1: CVE-2016-5875: tiff: heap-based buffer overflow when using the PixarLog compressionformat

Bug 987351 (CVE-2016-5875) - VUL-1: CVE-2016-5875: tiff: heap-based buffer overflow when using the PixarLog compressionformat

Summary: VUL-1: CVE-2016-5875: tiff: heap-based buffer overflow when using the PixarLo...

Status:	RESOLVED FIXED

Alias:	CVE-2016-5875

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assignee:	Fridrich Strba
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/170563/
Whiteboard:	CVSSv2:SUSE:CVE-2016-5875:5.8:(AV:N/A...
Keywords:

Depends on:
Blocks:	CVE-2016-5314
	Show dependency tree / graph

Clone This Bug

Reported:	2016-07-01 12:20 UTC by Andreas Stieger
Modified:	2018-05-30 22:43 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2016-07-01 12:20:26 UTC

> heap-based buffer overflow in
> LibTIFF in the file libtiff/tif_pixarlog.c. The vulnerability allows an
> attacker to control the size of the allocated heap-buffer while
> independently controlling the data to be written to the buffer with no
> restrictions on the size of the written data.
>
> revision 1.44
> date: 2016-06-28 17:12:19 +0200; author: erouault; commitid: 2SqWSFG5a8Ewffcz;
>
> * libtiff/tif_pixarlog.c: fix potential buffer write overrun in
> PixarLogDecode() on corrupted/unexpected images (reported by Mathias
> Svensson)

However, CVE duplication was claimed: (bug 984831 / CVE-2016-5314)

> CVE-2016-5875 (buffer overrun in PixarLogDecode()) is CVE-2016-5314
> (PixarLogDecode() out-of-bound writes) which causes CVE-2016-5320
> (rgb2ycbcr command execution).




References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5875
http://seclists.org/oss-sec/2016/q2/629
http://seclists.org/oss-sec/2016/q2/624
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5875.html

Comment 1 Swamp Workflow Management 2016-07-01 22:00:14 UTC

bugbot adjusting priority

Comment 2 Swamp Workflow Management 2016-07-27 17:11:19 UTC

openSUSE-SU-2016:1889-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 964225,984808,984831,984837,984842,987351
CVE References: CVE-2016-5314,CVE-2016-5316,CVE-2016-5317,CVE-2016-5320,CVE-2016-5875
Sources used:
openSUSE 13.2 (src):    tiff-4.0.6-10.26.1

Comment 3 Fridrich Strba 2016-09-06 07:41:53 UTC

Closing as fixed. Reopen if you think you need to.

Comment 4 Swamp Workflow Management 2016-09-09 10:12:07 UTC

SUSE-SU-2016:2271-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 964225,973340,984808,984831,984837,984842,987351
CVE References: CVE-2015-8781,CVE-2015-8782,CVE-2015-8783,CVE-2016-3186,CVE-2016-5314,CVE-2016-5316,CVE-2016-5317,CVE-2016-5320,CVE-2016-5875
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    tiff-4.0.6-26.3
SUSE Linux Enterprise Server 12-SP1 (src):    tiff-4.0.6-26.3
SUSE Linux Enterprise Desktop 12-SP1 (src):    tiff-4.0.6-26.3

Comment 5 Swamp Workflow Management 2016-09-16 13:10:58 UTC

openSUSE-SU-2016:2321-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 964225,973340,984808,984831,984837,984842,987351
CVE References: CVE-2015-8781,CVE-2015-8782,CVE-2015-8783,CVE-2016-3186,CVE-2016-5314,CVE-2016-5316,CVE-2016-5317,CVE-2016-5320,CVE-2016-5875
Sources used:
openSUSE Leap 42.1 (src):    tiff-4.0.6-6.1

Comment 6 Swamp Workflow Management 2016-09-25 10:10:30 UTC

openSUSE-SU-2016:2375-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 974614,974618,975069,975070,984808,984831,984837,984842,987351
CVE References: CVE-2016-3623,CVE-2016-3945,CVE-2016-3990,CVE-2016-3991,CVE-2016-5314,CVE-2016-5316,CVE-2016-5317,CVE-2016-5320,CVE-2016-5875
Sources used:
openSUSE 13.1 (src):    tiff-4.0.6-8.25.1

Comment 7 Swamp Workflow Management 2016-10-13 15:12:43 UTC

SUSE-SU-2016:2527-1: An update that fixes 10 vulnerabilities is now available.

Category: security (moderate)
Bug References: 973340,974449,974614,974618,975069,984808,984831,984837,984842,987351
CVE References: CVE-2016-3186,CVE-2016-3622,CVE-2016-3623,CVE-2016-3945,CVE-2016-3990,CVE-2016-5314,CVE-2016-5316,CVE-2016-5317,CVE-2016-5320,CVE-2016-5875
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    tiff-3.8.2-141.168.1
SUSE Linux Enterprise Server 11-SP4 (src):    tiff-3.8.2-141.168.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    tiff-3.8.2-141.168.1

Comment 8 Swamp Workflow Management 2016-12-07 14:11:03 UTC

openSUSE-SU-2016:3035-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 1007280,1010161,1010163,1011103,1011107,914890,974449,974840,984813,984815,987351
CVE References: CVE-2014-8127,CVE-2015-7554,CVE-2015-8665,CVE-2015-8683,CVE-2016-3622,CVE-2016-3658,CVE-2016-5321,CVE-2016-5323,CVE-2016-5652,CVE-2016-5875,CVE-2016-9273,CVE-2016-9297,CVE-2016-9448,CVE-2016-9453
Sources used:
openSUSE 13.2 (src):    tiff-4.0.7-10.35.1

Comment 9 Swamp Workflow Management 2016-12-29 23:17:44 UTC

SUSE-SU-2016:3301-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1007280,1010161,1010163,1011103,1011107,914890,974449,974840,984813,984815,987351
CVE References: CVE-2014-8127,CVE-2016-3622,CVE-2016-3658,CVE-2016-5321,CVE-2016-5323,CVE-2016-5652,CVE-2016-5875,CVE-2016-9273,CVE-2016-9297,CVE-2016-9448,CVE-2016-9453
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    tiff-4.0.7-35.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    tiff-4.0.7-35.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    tiff-4.0.7-35.1
SUSE Linux Enterprise Server 12-SP2 (src):    tiff-4.0.7-35.1
SUSE Linux Enterprise Server 12-SP1 (src):    tiff-4.0.7-35.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    tiff-4.0.7-35.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    tiff-4.0.7-35.1

Comment 10 Swamp Workflow Management 2017-01-08 00:18:53 UTC

openSUSE-SU-2017:0074-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1007280,1010161,1010163,1011103,1011107,914890,974449,974840,984813,984815,987351
CVE References: CVE-2014-8127,CVE-2016-3622,CVE-2016-3658,CVE-2016-5321,CVE-2016-5323,CVE-2016-5652,CVE-2016-5875,CVE-2016-9273,CVE-2016-9297,CVE-2016-9448,CVE-2016-9453
Sources used:
openSUSE Leap 42.2 (src):    tiff-4.0.7-12.1
openSUSE Leap 42.1 (src):    tiff-4.0.7-12.1

Comment 12 Swamp Workflow Management 2018-05-30 13:16:25 UTC

SUSE-SU-2018:1472-1: An update that solves 14 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1017694,1031250,1031254,1033109,1033111,1033112,1033113,1033120,1033126,1033127,1033129,1074317,984808,984809,984831,987351
CVE References: CVE-2016-10267,CVE-2016-10269,CVE-2016-10270,CVE-2016-5314,CVE-2016-5315,CVE-2017-18013,CVE-2017-7593,CVE-2017-7595,CVE-2017-7596,CVE-2017-7597,CVE-2017-7599,CVE-2017-7600,CVE-2017-7601,CVE-2017-7602
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    tiff-3.8.2-141.169.6.1
SUSE Linux Enterprise Server 11-SP4 (src):    tiff-3.8.2-141.169.6.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    tiff-3.8.2-141.169.6.1