| Description: | Summary:
The remote host is missing an update for the 'tiff' package(s) announced via the SUSE-SU-2016:3301-1 advisory.
Vulnerability Insight:
The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues.
- CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools [bnc#914890]
- CVE-2016-9297: tif_dirread.c read outside buffer in _TIFFPrintField() [bnc#1010161]
- CVE-2016-3658: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c [bnc#974840]
- CVE-2016-9273: heap overflow [bnc#1010163]
- CVE-2016-3622: divide By Zero in the tiff2rgba tool [bnc#974449]
- CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow [bnc#1007280]
- CVE-2016-9453: out-of-bounds Write memcpy and less bound check in tiff2pdf [bnc#1011107]
- CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat [bnc#987351]
- CVE-2016-9448: regression introduced by fixing CVE-2016-9297 [bnc#1011103]
- CVE-2016-5321: out-of-bounds read in tiffcrop / DumpModeDecode() function [bnc#984813]
- CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function (null ptr dereference?) [bnc#984815]
Affected Software/OS:
'tiff' package(s) on SUSE Linux Enterprise Desktop 12-SP1, SUSE Linux Enterprise Desktop 12-SP2, SUSE Linux Enterprise Server 12-SP1, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server for Raspberry Pi 12-SP2, SUSE Linux Enterprise Server for SAP Applications 12-SP1, SUSE Linux Enterprise Server for SAP Applications 12-SP2.
Solution:
Please install the updated package(s).
CVSS Score:
6.8
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
