{"id":"MGASA-2016-0349","summary":"The updated packages fix libtiff security vulnerabilities","details":"The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows \nattackers to cause a denial of service (invalid memory write and \ncrash) or possibly have unspecified other impact via crafted field\ndata in an extension tag in a TIFF image. (CVE-2015-7554)\n\nHeap-based buffer overflow in the PackBitsPreEncode function in \ntif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote\nattackers to execute arbitrary code or cause a denial of service via a\nlarge width field in a BMP image. (CVE-2015-8668)\n\nBuffer overflow in the readextension function in gif2tiff.c in LibTIFF\n4.0.6 allows remote attackers to cause a denial of service (application\ncrash) via a crafted GIF file. (CVE-2016-3186) (the program gif2tiff has\nbeen obsoleted)\n\nThe fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6\nand earlier allows remote attackers to cause a denial of service \n(divide-by-zero error) via a crafted TIFF image. (CVE-2016-3622)\n\nThe rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers \nto cause a denial of service (divide-by-zero) by setting the (1) v or (2)\nh parameter to 0. (CVE-2016-3623)\n\nThe _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier \nallows remote attackers to cause a denial of service (out-of-bounds write)\nor execute arbitrary code via a crafted TIFF image. (CVE-2016-3632)\n\nMultiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile \nfunctions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode\nis enabled,allow remote attackers to cause a denial of service (crash) or \nexecute arbitrary code via a crafted TIFF image, which triggers an \nout-of-bounds write. (CVE-2016-3945)\n\nHeap-based buffer overflow in the horizontalDifference8 function in \ntif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers \nto cause a denial of service (crash) or execute arbitrary code via \na crafted TIFF image to tiffcp. (CVE-2016-3990)\n\nHeap-based buffer overflow in the loadImage function in the tiffcrop tool \nin LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of \nservice (out-of-bounds write) or execute arbitrary code via a crafted TIFF\nimage with zero tiles. (CVE-2016-3991)\n\nPixarLogDecode() out-of-bound writes (CVE-2016-5314)\n\ntif_dir.c: setByteArray() Read access violation (CVE-2016-5315)\n\ntif_pixarlog.c: PixarLogCleanup() Segmentation fault (CVE-2016-5316)\n\ncrash occurs when generating a thumbnail for a crafted TIFF image \n(CVE-2016-5317)\n\nrgb2ycbcr: command excution (CVE-2016-5320)\n\nDumpModeDecode(): Ddos (CVE-2016-5321)\n\ntiffcrop: extractContigSamplesBytes: out-of-bounds read (CVE-2016-5322)\n\ntiffcrop _TIFFFax3fillruns(): divide by zero (CVE-2016-5323)\n\ntiff: heap-based buffer overflow when using the PixarLog compression format (CVE-2016-5875)\n\ntiff: information leak in libtiff/tif_read.c (CVE-2016-6223)\n","modified":"2026-02-04T04:21:36.429246Z","published":"2016-10-20T22:35:16Z","related":["CVE-2015-7554","CVE-2015-8668","CVE-2016-3186","CVE-2016-3622","CVE-2016-3623","CVE-2016-3632","CVE-2016-3945","CVE-2016-3990","CVE-2016-3991","CVE-2016-5314","CVE-2016-5315","CVE-2016-5316","CVE-2016-5317","CVE-2016-5320","CVE-2016-5321","CVE-2016-5322","CVE-2016-5323","CVE-2016-5875","CVE-2016-6223"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0349.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17480"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2015/12/26/7"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2016-04/msg00064.html"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2016/07/14/4"},{"type":"REPORT","url":"http://lwn.net/Vulnerabilities/695692/"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html"},{"type":"REPORT","url":"https://rhn.redhat.com/errata/RHSA-2016-1546.html"},{"type":"REPORT","url":"http://lwn.net/Vulnerabilities/696207/"},{"type":"REPORT","url":"http://lwn.net/Vulnerabilities/698795/"},{"type":"REPORT","url":"http://lwn.net/Vulnerabilities/699684/"}],"affected":[{"package":{"name":"libtiff","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libtiff?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.6-1.4.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0349.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}