Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-17546

Published: 14 October 2019

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

From the Ubuntu Security Team

It was discovered that GDAL incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Priority

Medium

Cvss 3 Severity Score

8.8

Score breakdown

Status

Package Release Status
blender
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

chromium-browser
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(80.0.3987.87-0ubuntu0.18.04.1)
disco Ignored
(reached end-of-life)
eoan Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
groovy Not vulnerable
(code not present)
hirsute Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
kinetic Not vulnerable
(code not present)
lunar Not vulnerable
(code not present)
trusty Does not exist

upstream
Released
xenial Not vulnerable
(80.0.3987.87-0ubuntu0.16.04.1)
gdal
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses system tiff)
disco Not vulnerable
(uses system tiff)
eoan Not vulnerable
(uses system tiff)
focal Not vulnerable
(uses system tiff)
groovy Not vulnerable
(uses system tiff)
hirsute Not vulnerable
(uses system tiff)
impish Not vulnerable
(uses system tiff)
jammy Not vulnerable
(uses system tiff)
kinetic Not vulnerable
(uses system tiff)
lunar Not vulnerable
(uses system tiff)
trusty
Released (1.10.1+dfsg-5ubuntu1+esm1)
upstream Needs triage

xenial Needed

Patches:
upstream: https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf

insighttoolkit4
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

ivtools
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

libtk-img
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

neuron
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Does not exist

openjpeg2
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses system tiff)
disco Not vulnerable
(uses system tiff)
eoan Not vulnerable
(uses system tiff)
focal Not vulnerable
(uses system tiff)
groovy Not vulnerable
(uses system tiff)
hirsute Not vulnerable
(uses system tiff)
impish Not vulnerable
(uses system tiff)
jammy Not vulnerable
(uses system tiff)
kinetic Not vulnerable
(uses system tiff)
lunar Not vulnerable
(uses system tiff)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(uses system tiff)
paraview
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

povray
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

qt4-x11
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(uses system libtiff)
disco Not vulnerable
(uses system libtiff)
eoan Not vulnerable
(uses system libtiff)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

lunar Does not exist

trusty Not vulnerable
(uses system libtiff)
upstream Needs triage

xenial Not vulnerable
(uses system libtiff)
qtimageformats-opensource-src
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

qtwebengine-opensource-src
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Does not exist

sfftobmp
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

texmaker
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

tiff
Launchpad, Ubuntu, Debian
bionic
Released (4.0.9-5ubuntu0.3)
disco
Released (4.0.10-4ubuntu0.1)
eoan Not vulnerable
(4.0.10+git191003-1)
focal Not vulnerable
(4.0.10+git191003-1)
groovy Not vulnerable
(4.0.10+git191003-1)
hirsute Not vulnerable
(4.0.10+git191003-1)
impish Not vulnerable
(4.0.10+git191003-1)
jammy Not vulnerable
(4.0.10+git191003-1)
kinetic Not vulnerable
(4.0.10+git191003-1)
lunar Not vulnerable
(4.0.10+git191003-1)
trusty
Released (4.0.3-7ubuntu0.11+esm6)
upstream
Released (4.0.10+git190818-1)
xenial
Released (4.0.6-1ubuntu0.7)
Patches:

upstream: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
xloadimage
Launchpad, Ubuntu, Debian
bionic Needs triage

disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal Needs triage

groovy Ignored
(reached end-of-life)
hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

kinetic Needs triage

lunar Needs triage

trusty Does not exist

upstream Needs triage

xenial Needs triage

Severity score breakdown

Parameter Value
Base score 8.8
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H