Bug 1294417 (CVE-2015-7554)

Summary: CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags
Product: [Other] Security Response
Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: amaris, carnil, huzaifas, mhradile, phracek, sardella, scorneli, slawomir
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-10-13 09:25:34 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1299918, 1299919, 1299920, 1299921, 1335098, 1335099
Bug Blocks: 1294418, 1410122

Description Huzaifa S. Sidhpurwala 2015-12-28 07:05:49 UTC
An invalid memory write flaw was found in libtiff in the way it parsed certain extension tags when reading TIFF format files. An attacker could use this flaw to crash or even execute arbitrary code with the permissions of the user running such an application compiled against libtiff.

Reference:

http://seclists.org/bugtraq/2015/Dec/137

Comment 9 errata-xmlrpc 2016-08-02 16:40:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:1547 https://rhn.redhat.com/errata/RHSA-2016-1547.html

Comment 10 errata-xmlrpc 2016-08-02 16:59:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1546 https://rhn.redhat.com/errata/RHSA-2016-1546.html

Comment 11 Huzaifa S. Sidhpurwala 2017-01-16 06:30:18 UTC
*** Bug 1410063 has been marked as a duplicate of this bug. ***