{"affected":[{"ecosystem_specific":{"binaries":[{"libtiff-devel":"4.0.9-5.14.1","libtiff5":"4.0.9-5.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.9-5.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libtiff5-32bit":"4.0.9-5.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15","name":"tiff","purl":"pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.9-5.14.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tiff fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-10779: TIFFWriteScanline in tif_write.c had a heap-based buffer over-read, as demonstrated by bmp2tiff. (bsc#1092480)\n- CVE-2018-17100: There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637)\n- CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627)\n- CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358)\n- CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853)\n\n","id":"SUSE-SU-2018:3327-1","modified":"2018-10-23T10:45:55Z","published":"2018-10-23T10:45:55Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183327-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092480"},{"type":"REPORT","url":"https://bugzilla.suse.com/1106853"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108627"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108637"},{"type":"REPORT","url":"https://bugzilla.suse.com/1110358"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10779"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16335"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17100"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17101"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-17795"}],"related":["CVE-2018-10779","CVE-2018-16335","CVE-2018-17100","CVE-2018-17101","CVE-2018-17795"],"summary":"Security update for tiff","upstream":["CVE-2018-10779","CVE-2018-16335","CVE-2018-17100","CVE-2018-17101","CVE-2018-17795"]}