Category:   Application (Generic)  >   LibTIFF
Vendors:   libtiff.org
(CentOS Issues Fix) LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service
SecurityTracker Alert ID:  1036499
SecurityTracker URL:  http://securitytracker.com/id/1036499
CVE Reference:   CVE-2014-9330
Date:  Aug 2 2016
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.0.3; possibly prior versions
Description:   A vulnerability was reported in LibTIFF. A remote user can cause denial of service conditions.

A remote user can send a specially crafted BMP image that, when processed by the library, will trigger an integer overflow in bmp2tiff and cause the target application to crash.

Paris Zoumpouloglou of Project Zero labs reported this vulnerability.

Impact:   A remote user can cause the target application to crash.
Solution:   CentOS has issued a fix.

Cause:   Boundary error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Dec 24 2014 LibTIFF Integer Overflow in bmp2tiff Lets Remote Users Deny Service



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:1547 Important CentOS 6 libtiff Security Update


CentOS Errata and Security Advisory 2016:1547 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1547.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
1701fdf308e42109a8c84a4c28b88a189ac5013592f61651da3711909e4c02f2  libtiff-3.9.4-18.el6_8.i686.rpm
81877483ff255596cf278e47ec7d9248a8adaa3d36c5430e726e1d9e2cf99d84  libtiff-devel-3.9.4-18.el6_8.i686.rpm
d436dbca6a7294667656eaabe5cfcf2169050b5e48003a1c66f67dfbc561e283  libtiff-static-3.9.4-18.el6_8.i686.rpm

x86_64:
1701fdf308e42109a8c84a4c28b88a189ac5013592f61651da3711909e4c02f2  libtiff-3.9.4-18.el6_8.i686.rpm
9115b1a909b80cf146f972cc9e38adee45818bc5997571f4ba20dbe082717c90  libtiff-3.9.4-18.el6_8.x86_64.rpm
81877483ff255596cf278e47ec7d9248a8adaa3d36c5430e726e1d9e2cf99d84  libtiff-devel-3.9.4-18.el6_8.i686.rpm
fedc1887876906e4ceef08a52a258872dbdb35c625fb9f5826e3b593b25ee7b2  libtiff-devel-3.9.4-18.el6_8.x86_64.rpm
eb12631cde623b9be36d2c04b96f1e0794ea4a38e9c83de8a824b47fa68895c6  libtiff-static-3.9.4-18.el6_8.x86_64.rpm

Source:
cdcf05901d605fa2969161d91a724e57aa508f9f0a12cb55b50891bf9649cf41  libtiff-3.9.4-18.el6_8.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
