Your message dated Fri, 09 Feb 2018 23:49:08 +0000
with message-id <e1ekipk-0005fl...@fasolo.debian.org>
and subject line Bug#866109: fixed in tiff 4.0.8-2+deb9u2
has caused the Debian Bug report #866109,
regarding tiff: CVE-2017-9935: Heap-based buffer overflow in t2p_write_pdf
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
866109: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866109
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tiff
Version: 4.0.8-2
Severity: grave
Tags: upstream security
Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2704

Hi,

the following vulnerability was published for tiff, using severity
grave for now since I'm not sure code execution can be ruled out.

CVE-2017-9935[0]:
| In LibTIFF 4.0.8, there is a heap-based buffer overflow in the
| t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could
| lead to different damages. For example, a crafted TIFF document can
| lead to an out-of-bounds read in TIFFCleanup, an invalid free in
| TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or
| a double free in t2p_free. Given these possibilities, it probably could
| cause arbitrary code execution.

In the upstream bugtracker the reporter has provided his reproducers
which can be used later on to verify a fix as well with the given
testcases.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9935
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9935
[1] http://bugzilla.maptools.org/show_bug.cgi?id=2704

Please adjust the affected versions in the BTS as needed, specifically
no checks have been done yet for older versions than 4.0.8-2.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: tiff
Source-Version: 4.0.8-2+deb9u2

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 866...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 30 Dec 2017 20:13:06 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.8-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 866109 868513 872607 873879 873880 885985
Changes:
 tiff (4.0.8-2+deb9u2) stretch-security; urgency=high
 .
   * Fix CVE-2017-11335: heap based buffer write overflow in tiff2pdf
     (closes: #868513).
   * Fix CVE-2017-12944: OOM prevention in TIFFReadDirEntryArray()
     (closes: #872607).
   * Fix CVE-2017-13726: reachable assertion abort in TIFFWriteDirectorySec()
     (closes: #873880).
   * Fix CVE-2017-13727: reachable assertion abort in
     TIFFWriteDirectoryTagSubifd() (closes: #873879).
   * Fix CVE-2017-18013: NULL pointer dereference in TIFFPrintDirectory()
     (closes: #885985).
   * Fix CVE-2017-9935: heap-based buffer overflow in the t2p_write_pdf()
     function (closes: #866109).
Checksums-Sha1:
 7b8e353320028667b6d5320533d7ab6ed0974868 2185 tiff_4.0.8-2+deb9u2.dsc
 34dfd38e29ab6c66d21ca7e4a388088b6e0e4b40 26252 tiff_4.0.8-2+deb9u2.debian.tar.xz
 9000bc577b99dcbdc8ef5dde806c2adeb78d744a 395746 libtiff-doc_4.0.8-2+deb9u2_all.deb
 70f0e4fab28528f4ff8cd8e3bb7fa7a98c68b6ae 14182 libtiff-opengl-dbgsym_4.0.8-2+deb9u2_amd64.deb
 92c052e7a85e13273f363cee870c6d9dcb21cc2b 100320 libtiff-opengl_4.0.8-2+deb9u2_amd64.deb
 84a4b3be06f2fda59ee153e72d6f9d7a80371003 351868 libtiff-tools-dbgsym_4.0.8-2+deb9u2_amd64.deb
 c60b3176d060515d76b827f5806d68e6863f6929 281122 libtiff-tools_4.0.8-2+deb9u2_amd64.deb
 c7a996fa1cb99d3d2c3259a3e08d743ea2b978a5 371778 libtiff5-dbgsym_4.0.8-2+deb9u2_amd64.deb
 3615c374e61717f9bf2a8cd1dd5dd9e498abfbd8 360454 libtiff5-dev_4.0.8-2+deb9u2_amd64.deb
 1b34836762c411b2c264426a12c0fbf035bdc419 237814 libtiff5_4.0.8-2+deb9u2_amd64.deb
 6f3ac50cb436bd5a6497dcc14fb3c32b8c64f498 21044 libtiffxx5-dbgsym_4.0.8-2+deb9u2_amd64.deb
 2269dab18fd163950c0d19792a3f1a24b0b37f3d 95620 libtiffxx5_4.0.8-2+deb9u2_amd64.deb
 1e1f9cb575406ae5667bdda9229639d90a98b29d 10659 tiff_4.0.8-2+deb9u2_amd64.buildinfo
Checksums-Sha256:
 b64056af722ac8826486c5361bce5e832347da02a7f7f5664d92c57b5b816ddf 2185 tiff_4.0.8-2+deb9u2.dsc
 25fc9acaa503e454e40050a4fb6bca69bdce0f3d5eec5a08d8abe29b4f9584d9 26252 tiff_4.0.8-2+deb9u2.debian.tar.xz
 ddba77d3a9e0d193a13e57bda811edd02ee551d46be697103aba3d8099e474af 395746 libtiff-doc_4.0.8-2+deb9u2_all.deb
 0c346f50f1e0340fd2fbdcf7914be058c23ce762f9d0258b85ff6385a9f997a0 14182 libtiff-opengl-dbgsym_4.0.8-2+deb9u2_amd64.deb
 87fbae83f470b92101df10aa984d71d9c5fce5c6da1a4a29bacea64ab6bd0414 100320 libtiff-opengl_4.0.8-2+deb9u2_amd64.deb
 f6ace11f2dc10b47cbc789f200d68d7532ec217f56e15f6b07cb8cde99bfb42c 351868 libtiff-tools-dbgsym_4.0.8-2+deb9u2_amd64.deb
 c68bb945d982edab0ca706d08f92516e92c1b1903c25d313d65080719acb4293 281122 libtiff-tools_4.0.8-2+deb9u2_amd64.deb
 c9b1b912f965bf6c0a18e13b1aa1aa451eb1d824c5aeb2d08bfb55f759157fa0 371778 libtiff5-dbgsym_4.0.8-2+deb9u2_amd64.deb
 50f0c22b0de9c9ed5186b7b6b5273e29438180683fab6016ec10f30995e297c9 360454 libtiff5-dev_4.0.8-2+deb9u2_amd64.deb
 f07cf814bd48e50467aa31c70d67a19c1c1ff43a6c85f685c99bb7589348b74d 237814 libtiff5_4.0.8-2+deb9u2_amd64.deb
 b52d73ca7ae7df2a69d3895b05a6eace541e6aef41936b3445811e64092b4ae1 21044 libtiffxx5-dbgsym_4.0.8-2+deb9u2_amd64.deb
 daff2a977c2c900913d78649cdb747ee16888ffb3ca479dfac47a7f0b519f4f1 95620 libtiffxx5_4.0.8-2+deb9u2_amd64.deb
 0daef45061fadcc87411fabe80b057d5146cc308379604a8526a4c0e9d99be78 10659 tiff_4.0.8-2+deb9u2_amd64.buildinfo
Files:
 1c6352ae88a3bd5e084bb4fdf533dd10 2185 libs optional tiff_4.0.8-2+deb9u2.dsc
 8a0484a21612098e9738bb15e563443f 26252 libs optional tiff_4.0.8-2+deb9u2.debian.tar.xz
 bd81dc15d542df10d803cb08a0582cd4 395746 doc optional libtiff-doc_4.0.8-2+deb9u2_all.deb
 93a223ddbb8c8156e00a48837a8c39f9 14182 debug extra libtiff-opengl-dbgsym_4.0.8-2+deb9u2_amd64.deb
 773216be66c54198706ae898d1024e96 100320 graphics optional libtiff-opengl_4.0.8-2+deb9u2_amd64.deb
 5a02365ff38e954142b4f63f82aafb27 351868 debug extra libtiff-tools-dbgsym_4.0.8-2+deb9u2_amd64.deb
 6ed2b2e46bd249fb458140dd8bd70054 281122 graphics optional libtiff-tools_4.0.8-2+deb9u2_amd64.deb
 74c12049f1d056c889ca8b8ff6fc4030 371778 debug extra libtiff5-dbgsym_4.0.8-2+deb9u2_amd64.deb
 31778ea681d7f5ea2d97ceae9b0291f9 360454 libdevel optional libtiff5-dev_4.0.8-2+deb9u2_amd64.deb
 dce21b072092d5565de8a4933a3741de 237814 libs optional libtiff5_4.0.8-2+deb9u2_amd64.deb
 1c7042a6a764d3b301008756260bcd2b 21044 debug extra libtiffxx5-dbgsym_4.0.8-2+deb9u2_amd64.deb
 1cfa6d7209474d5f632200b11b82eaad 95620 libs optional libtiffxx5_4.0.8-2+deb9u2_amd64.deb
 238e426d0391aa6eee7215257b091a69 10659 libs optional tiff_4.0.8-2+deb9u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---