libtiff's user-code is fully protected against such issues by static analyzer, thus there is no need to upgrade to latest git version of libtiff. In order to resolve this issue as quickly as possible, a patch has been submitted upstream. There is no fix for this issue in Debian/Ubuntu packages yet. - CVE-2017-6410 TIFFReadDirectory() in tif_dirread.c in libtiff 4.0.3 through 4.3.0 does not handle NULL source pointer passed as the first argument. A remote attacker could exploit this vulnerability to cause denial-of-service via crafted TIFF file. - CVE-2017-6411 TIFFReadDirectory() in tif_dirread.c in libtiff 4.0.3 through 4.3.0 does not check for NULL source pointer passed as the first argument. A remote attacker could exploit this vulnerability to cause denial-of-service via crafted TIFF file. - CVE-2017-6412 TIFFReadDirectory() in tif_dirread.c in libtiff 4.0.3 through 4.3.0 does not validate the second argument passed to the function. A remote attacker could exploit this vulnerability to cause denial-of-service via crafted TIFF file. - CVE-2017-6413 TIFFReadDirectory() in tif_dirread.c in libtiff 4.0.3 through 4.

Debian-specific notes

The first two issues are indeed fixed in the latest git version of libtiff.

References: https://github.com/libtiff/libtiff/commit/cfecc8f7c1d87b27db6bafff2bc9aedd6e9d3bf

https://github.com/libtiff/libtiff/commit/4eaec4b0173de9601f908d42ef48e4477ba21b6

Timeline

Published on: 02/11/2022 18:15:00 UTC
Last modified on: 03/31/2022 18:05:00 UTC

References