CVE-2019-17546
Published: 14 October 2019
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
From the Ubuntu Security Team
It was discovered that GDAL incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
Notes
| Author | Note |
|---|---|
| sbeattie | the neuron package dropped the embedded InterView library (which contained an embedded libtiff) in 8.2.2-1. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
blender Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system tiff)
|
| disco |
Not vulnerable
(uses system tiff)
|
|
| eoan |
Not vulnerable
(uses system tiff)
|
|
| focal |
Not vulnerable
(uses system tiff)
|
|
| groovy |
Not vulnerable
(uses system tiff)
|
|
| hirsute |
Not vulnerable
(uses system tiff)
|
|
| impish |
Not vulnerable
(uses system tiff)
|
|
| jammy |
Not vulnerable
(uses system tiff)
|
|
| kinetic |
Not vulnerable
(uses system tiff)
|
|
| lunar |
Not vulnerable
(uses system tiff)
|
|
| mantic |
Not vulnerable
(uses system tiff)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system tiff)
|
|
|
chromium-browser Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(80.0.3987.87-0ubuntu0.18.04.1)
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Not vulnerable
(code not present)
|
|
| focal |
Not vulnerable
(code not present)
|
|
| groovy |
Not vulnerable
(code not present)
|
|
| hirsute |
Not vulnerable
(code not present)
|
|
| impish |
Not vulnerable
(code not present)
|
|
| jammy |
Not vulnerable
(code not present)
|
|
| kinetic |
Not vulnerable
(code not present)
|
|
| lunar |
Not vulnerable
(code not present)
|
|
| mantic |
Not vulnerable
(code not present)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
|
|
| xenial |
Not vulnerable
(80.0.3987.87-0ubuntu0.16.04.1)
|
|
|
gdal Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system libtiff)
|
| disco |
Not vulnerable
(uses system libtiff)
|
|
| eoan |
Not vulnerable
(uses system libtiff)
|
|
| focal |
Not vulnerable
(uses system libtiff)
|
|
| groovy |
Not vulnerable
(uses system libtiff)
|
|
| hirsute |
Not vulnerable
(uses system libtiff)
|
|
| impish |
Not vulnerable
(uses system libtiff)
|
|
| jammy |
Not vulnerable
(uses system libtiff)
|
|
| kinetic |
Not vulnerable
(uses system libtiff)
|
|
| lunar |
Not vulnerable
(uses system libtiff)
|
|
| mantic |
Not vulnerable
(uses system libtiff)
|
|
| trusty |
Released
(1.10.1+dfsg-5ubuntu1+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Needs triage
|
|
| xenial |
Needed
|
|
|
Patches: upstream: https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf |
||
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system tiff)
|
| disco |
Not vulnerable
(uses system tiff)
|
|
| eoan |
Not vulnerable
(uses system tiff)
|
|
| focal |
Not vulnerable
(uses system tiff)
|
|
| groovy |
Not vulnerable
(uses system tiff)
|
|
| hirsute |
Not vulnerable
(uses system tiff)
|
|
| impish |
Not vulnerable
(uses system tiff)
|
|
| jammy |
Not vulnerable
(uses system tiff)
|
|
| kinetic |
Not vulnerable
(uses system tiff)
|
|
| lunar |
Not vulnerable
(uses system tiff)
|
|
| mantic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system tiff)
|
|
|
ivtools Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system libtiff)
|
| disco |
Not vulnerable
(uses system libtiff)
|
|
| eoan |
Not vulnerable
(uses system libtiff)
|
|
| focal |
Not vulnerable
(uses system libtiff)
|
|
| groovy |
Not vulnerable
(uses system libtiff)
|
|
| hirsute |
Not vulnerable
(uses system libtiff)
|
|
| impish |
Not vulnerable
(uses system libtiff)
|
|
| jammy |
Not vulnerable
(uses system libtiff)
|
|
| kinetic |
Not vulnerable
(uses system libtiff)
|
|
| lunar |
Not vulnerable
(uses system libtiff)
|
|
| mantic |
Not vulnerable
(uses system libtiff)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system libtiff)
|
|
|
libtk-img Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system libtiff)
|
| disco |
Not vulnerable
(uses system libtiff)
|
|
| eoan |
Not vulnerable
(uses system libtiff)
|
|
| focal |
Not vulnerable
(uses system libtiff)
|
|
| groovy |
Not vulnerable
(uses system libtiff)
|
|
| hirsute |
Not vulnerable
(uses system libtiff)
|
|
| impish |
Not vulnerable
(uses system libtiff)
|
|
| jammy |
Not vulnerable
(uses system libtiff)
|
|
| kinetic |
Not vulnerable
(uses system libtiff)
|
|
| lunar |
Not vulnerable
(uses system libtiff)
|
|
| mantic |
Not vulnerable
(uses system libtiff)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system libtiff)
|
|
|
neuron Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Not vulnerable
(dropped embedded libtiff)
|
|
| mantic |
Not vulnerable
(dropped embedded libtiff)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
openjpeg2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system tiff)
|
| disco |
Not vulnerable
(uses system tiff)
|
|
| eoan |
Not vulnerable
(uses system tiff)
|
|
| focal |
Not vulnerable
(uses system tiff)
|
|
| groovy |
Not vulnerable
(uses system tiff)
|
|
| hirsute |
Not vulnerable
(uses system tiff)
|
|
| impish |
Not vulnerable
(uses system tiff)
|
|
| jammy |
Not vulnerable
(uses system tiff)
|
|
| kinetic |
Not vulnerable
(uses system tiff)
|
|
| lunar |
Not vulnerable
(uses system tiff)
|
|
| mantic |
Not vulnerable
(uses system tiff)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system tiff)
|
|
|
paraview Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system libtiff)
|
| disco |
Not vulnerable
(uses system libtiff)
|
|
| eoan |
Not vulnerable
(uses system libtiff)
|
|
| focal |
Not vulnerable
(uses system libtiff)
|
|
| groovy |
Not vulnerable
(uses system libtiff)
|
|
| hirsute |
Not vulnerable
(uses system libtiff)
|
|
| impish |
Not vulnerable
(uses system libtiff)
|
|
| jammy |
Not vulnerable
(uses system libtiff)
|
|
| kinetic |
Not vulnerable
(uses system libtiff)
|
|
| lunar |
Not vulnerable
(uses system libtiff)
|
|
| mantic |
Not vulnerable
(uses system libtiff)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system libtiff)
|
|
|
povray Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system libtiff)
|
| disco |
Not vulnerable
(uses system libtiff)
|
|
| eoan |
Not vulnerable
(uses system libtiff)
|
|
| focal |
Not vulnerable
(uses system libtiff)
|
|
| groovy |
Not vulnerable
(uses system libtiff)
|
|
| hirsute |
Not vulnerable
(uses system libtiff)
|
|
| impish |
Not vulnerable
(uses system libtiff)
|
|
| jammy |
Not vulnerable
(uses system libtiff)
|
|
| kinetic |
Not vulnerable
(uses system libtiff)
|
|
| lunar |
Not vulnerable
(uses system libtiff)
|
|
| mantic |
Not vulnerable
(uses system libtiff)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system libtiff)
|
|
|
qt4-x11 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system libtiff)
|
| disco |
Not vulnerable
(uses system libtiff)
|
|
| eoan |
Not vulnerable
(uses system libtiff)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Not vulnerable
(uses system libtiff)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system libtiff)
|
|
|
qtimageformats-opensource-src Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
qtwebengine-opensource-src Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
sfftobmp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system libtiff)
|
| disco |
Not vulnerable
(uses system libtiff)
|
|
| eoan |
Not vulnerable
(uses system libtiff)
|
|
| focal |
Not vulnerable
(uses system libtiff)
|
|
| groovy |
Not vulnerable
(uses system libtiff)
|
|
| hirsute |
Not vulnerable
(uses system libtiff)
|
|
| impish |
Not vulnerable
(uses system libtiff)
|
|
| jammy |
Not vulnerable
(uses system libtiff)
|
|
| kinetic |
Not vulnerable
(uses system libtiff)
|
|
| lunar |
Not vulnerable
(uses system libtiff)
|
|
| mantic |
Not vulnerable
(uses system libtiff)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system libtiff)
|
|
|
texmaker Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
tiff Launchpad, Ubuntu, Debian |
bionic |
Released
(4.0.9-5ubuntu0.3)
|
| disco |
Released
(4.0.10-4ubuntu0.1)
|
|
| eoan |
Not vulnerable
(4.0.10+git191003-1)
|
|
| focal |
Not vulnerable
(4.0.10+git191003-1)
|
|
| groovy |
Not vulnerable
(4.0.10+git191003-1)
|
|
| hirsute |
Not vulnerable
(4.0.10+git191003-1)
|
|
| impish |
Not vulnerable
(4.0.10+git191003-1)
|
|
| jammy |
Not vulnerable
(4.0.10+git191003-1)
|
|
| kinetic |
Not vulnerable
(4.0.10+git191003-1)
|
|
| lunar |
Not vulnerable
(4.0.10+git191003-1)
|
|
| mantic |
Not vulnerable
(4.0.10+git191003-1)
|
|
| trusty |
Released
(4.0.3-7ubuntu0.11+esm6)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(4.0.10+git190818-1)
|
|
| xenial |
Released
(4.0.6-1ubuntu0.7)
|
|
|
Patches: upstream: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145 |
||
|
xloadimage Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system libtiff)
|
| disco |
Not vulnerable
(uses system libtiff)
|
|
| eoan |
Not vulnerable
(uses system libtiff)
|
|
| focal |
Not vulnerable
(uses system libtiff)
|
|
| groovy |
Not vulnerable
(uses system libtiff)
|
|
| hirsute |
Not vulnerable
(uses system libtiff)
|
|
| impish |
Not vulnerable
(uses system libtiff)
|
|
| jammy |
Not vulnerable
(uses system libtiff)
|
|
| kinetic |
Not vulnerable
(uses system libtiff)
|
|
| lunar |
Not vulnerable
(uses system libtiff)
|
|
| mantic |
Not vulnerable
(uses system libtiff)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system libtiff)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |