Bugzilla – Bug 1154365
VUL-1: CVE-2019-17546: tiff: integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image
Last modified: 2024-05-06 11:59:19 UTC
CVE-2019-17546

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17546
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17546.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17546
https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf
Tracked all supported codestreams as affected
originally rated as buffer overread, but is a buffer overwrite
I will work on all the open tiff bugs now and submit them as one bunch.
Michael, NTS is pushing for fix for sles11 sp3, is the patch already available?
(In reply to Zuzana Petrova from comment #7)
> Michael, NTS is pushing for fix for sles11 sp3, is the patch already
> available?

Working project is at: https://build.suse.de/project/show/home:mvetter:tiff-221

Submitted now all tiff fixes:
SR#263502 to sle15
SR#263501 to sle12
SR#263500 to sle11
submitted
As noted in https://bugzilla.suse.com/show_bug.cgi?id=1194223#c11 this bug was actually forgotten in the submission to SLE11. New SR#265138 to SLE11.
SUSE-SU-2022:0496-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1071031,1154365,1182808,1182809,1182811,1182812,1190312,1194539
CVE References: CVE-2017-17095,CVE-2019-17546,CVE-2020-19131,CVE-2020-35521,CVE-2020-35522,CVE-2020-35523,CVE-2020-35524,CVE-2022-22844
JIRA References:
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src): tiff-4.0.9-44.45.1
SUSE OpenStack Cloud Crowbar 8 (src): tiff-4.0.9-44.45.1
SUSE OpenStack Cloud 9 (src): tiff-4.0.9-44.45.1
SUSE OpenStack Cloud 8 (src): tiff-4.0.9-44.45.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): tiff-4.0.9-44.45.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src): tiff-4.0.9-44.45.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src): tiff-4.0.9-44.45.1
SUSE Linux Enterprise Server 12-SP5 (src): tiff-4.0.9-44.45.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src): tiff-4.0.9-44.45.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src): tiff-4.0.9-44.45.1
SUSE Linux Enterprise Server 12-SP3-BCL (src): tiff-4.0.9-44.45.1
SUSE Linux Enterprise Server 12-SP2-BCL (src): tiff-4.0.9-44.45.1
HPE Helion Openstack 8 (src): tiff-4.0.9-44.45.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1154365) was mentioned in https://build.opensuse.org/request/show/1121286 Factory / tiff
All done, closing.