Bug 1190703 (CVE-2014-9655)

Summary: CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: erik-fedora, fhirtz, mhradile, phracek, sardella, security-response-team, sisharma, slawomir
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 02:38:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1190710, 1190712, 1269188, 1269189, 1299918, 1299919, 1299920, 1299921, 1335098, 1335099    
Bug Blocks: 1174883    

Description Vasyl Kaigorodov 2015-02-09 13:54:36 UTC 
Below issues were reported [1] and fixed upstream in libtiff:

 - uninitialized memory in putcontig8bitYCbCr21tile
   Fixed in:

     2014-12-29  Even Rouault  <even.rouault () spatialys com>

     * libtiff/tif_getimage.c: in OJPEG case, fix checks on strile width/height
       in the putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile and
       putcontig8bitYCbCr21tile cases.

 - uninitialized memory in NeXTDecode
   Fixed in:

     2014-12-29  Even Rouault  <even.rouault () spatialys com>

     * libtiff/tif_next.c: add new tests to check that we don't read outside of
     the compressed input stream buffer.

[1]: http://seclists.org/oss-sec/2015/q1/454
Comment 1 Vasyl Kaigorodov 2015-02-09 14:08:01 UTC 
Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 1190710]
Comment 2 Vasyl Kaigorodov 2015-02-09 14:09:09 UTC 
Created mingw-libtiff tracking bugs for this issue:

Affects: epel-7 [bug 1190712]
Comment 3 Siddharth Sharma 2015-03-26 07:02:43 UTC 
Patch
=====

https://github.com/vadz/libtiff/commit/40a5955cbf0df62b1f9e9bd7d9657b0070725d19#diff-8267b6b5121b27393df8c9734578a8ae
Comment 4 Fedora Update System 2015-05-30 15:55:31 UTC 
libtiff-4.0.3-20.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Siddharth Sharma 2015-06-01 11:57:02 UTC 
Statement:

This issue affects the version of libtiff package as shipped with Red Hat Enterprise Linux 5, 6 and 7. A further update may address this flaw in Red Hat Enterprise Linux 6 and 7.

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.
Comment 19 errata-xmlrpc 2016-08-02 16:40:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:1547 https://rhn.redhat.com/errata/RHSA-2016-1547.html
Comment 20 errata-xmlrpc 2016-08-02 16:59:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1546 https://rhn.redhat.com/errata/RHSA-2016-1546.html