[Git][security-tracker-team/security-tracker][master] tiff: CVE-2018-5360 same as CVE-2014-8127

Hugo Lefeuvre hle at debian.org
Tue Dec 18 09:22:08 GMT 2018


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
266afc6c by Hugo Lefeuvre at 2018-12-18T09:21:41Z
tiff: CVE-2018-5360 same as CVE-2014-8127

CVE-2018-5360 same issue as bug #2500 (SamplesPerPixel changed without
updating SMinSampleValue).

Build a pre-739dcd28 libTIFF with asan and

$ tiffset graphicsmagic_0.tif

and you will get the exact same crash.

undetermined not removed yet since I still have to check the
fixed Debian version again (the first official release to ship the patch is 4.0.7,
but the fix might have been introduced in earlier Debian releases).

see https://sourceforge.net/p/graphicsmagick/bugs/540/ (post awaiting
moderation at the moment)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46474,7 +46474,10 @@ CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...
 	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
 	NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf.
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
-	NOTE: Claimed to be fixed in latest libtiff, but no indication yet which changes adresses the issue
+	NOTE: Same issue as http://bugzilla.maptools.org/show_bug.cgi?id=2500 (CVE-2014-8127)
+	NOTE: fixed as per 2016-10-25 (first release to ship the patch seems to be 4.0.7)
+	NOTE: https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159
+	NOTE: TODO check which exact Debian release contained the fix at first
 CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 can be ...)
 	NOT-FOR-US: Flexense SysGauge
 CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
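Review bot: the `[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)` line is left untouched even though the new NOTEs record that upstream fixed this in commit 739dcd28 (shipped in 4.0.7), so the "revisit once fixed upstream" rationale is now stale and the wheezy entry should be revisited in the same change or the TODO note should say so explicitly. Two smaller points: the CVE header text says "LibTIFF before 4.0.6" while the added NOTE says the first release to ship the patch "seems to be 4.0.7", which is worth calling out in the notes so a later reader does not take the description's version range as the fixed version; and since the added NOTE states this is the same issue as bug 2500 / CVE-2014-8127, the entry should cross-reference the CVE-2014-8127 entry's fixed version once the pending Debian-release check is done, which is what the TODO line should resolve.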



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/266afc6c8ada260ad84fe5fb64921cafe9cb24ef
