CVE-2019-17546
Published: 14 October 2019
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
From the Ubuntu Security Team
It was discovered that GDAL incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
Priority
Status
Package | Release | Status |
---|---|---|
blender Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
chromium-browser Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(80.0.3987.87-0ubuntu0.18.04.1)
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Not vulnerable
(code not present)
|
|
focal |
Not vulnerable
(code not present)
|
|
groovy |
Not vulnerable
(code not present)
|
|
hirsute |
Not vulnerable
(code not present)
|
|
impish |
Not vulnerable
(code not present)
|
|
jammy |
Not vulnerable
(code not present)
|
|
kinetic |
Not vulnerable
(code not present)
|
|
lunar |
Not vulnerable
(code not present)
|
|
trusty |
Does not exist
|
|
upstream |
Released
|
|
xenial |
Not vulnerable
(80.0.3987.87-0ubuntu0.16.04.1)
|
|
gdal Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system tiff)
|
disco |
Not vulnerable
(uses system tiff)
|
|
eoan |
Not vulnerable
(uses system tiff)
|
|
focal |
Not vulnerable
(uses system tiff)
|
|
groovy |
Not vulnerable
(uses system tiff)
|
|
hirsute |
Not vulnerable
(uses system tiff)
|
|
impish |
Not vulnerable
(uses system tiff)
|
|
jammy |
Not vulnerable
(uses system tiff)
|
|
kinetic |
Not vulnerable
(uses system tiff)
|
|
lunar |
Not vulnerable
(uses system tiff)
|
|
trusty |
Released
(1.10.1+dfsg-5ubuntu1+esm1)
|
|
upstream |
Needs triage
|
|
xenial |
Needed
|
|
Patches: upstream: https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf |
||
insighttoolkit4 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
ivtools Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
libtk-img Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
neuron Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
openjpeg2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system tiff)
|
disco |
Not vulnerable
(uses system tiff)
|
|
eoan |
Not vulnerable
(uses system tiff)
|
|
focal |
Not vulnerable
(uses system tiff)
|
|
groovy |
Not vulnerable
(uses system tiff)
|
|
hirsute |
Not vulnerable
(uses system tiff)
|
|
impish |
Not vulnerable
(uses system tiff)
|
|
jammy |
Not vulnerable
(uses system tiff)
|
|
kinetic |
Not vulnerable
(uses system tiff)
|
|
lunar |
Not vulnerable
(uses system tiff)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(uses system tiff)
|
|
paraview Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
povray Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
qt4-x11 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system libtiff)
|
disco |
Not vulnerable
(uses system libtiff)
|
|
eoan |
Not vulnerable
(uses system libtiff)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Not vulnerable
(uses system libtiff)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(uses system libtiff)
|
|
qtimageformats-opensource-src Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
qtwebengine-opensource-src Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
sfftobmp Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
texmaker Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
tiff Launchpad, Ubuntu, Debian |
bionic |
Released
(4.0.9-5ubuntu0.3)
|
disco |
Released
(4.0.10-4ubuntu0.1)
|
|
eoan |
Not vulnerable
(4.0.10+git191003-1)
|
|
focal |
Not vulnerable
(4.0.10+git191003-1)
|
|
groovy |
Not vulnerable
(4.0.10+git191003-1)
|
|
hirsute |
Not vulnerable
(4.0.10+git191003-1)
|
|
impish |
Not vulnerable
(4.0.10+git191003-1)
|
|
jammy |
Not vulnerable
(4.0.10+git191003-1)
|
|
kinetic |
Not vulnerable
(4.0.10+git191003-1)
|
|
lunar |
Not vulnerable
(4.0.10+git191003-1)
|
|
trusty |
Released
(4.0.3-7ubuntu0.11+esm6)
|
|
upstream |
Released
(4.0.10+git190818-1)
|
|
xenial |
Released
(4.0.6-1ubuntu0.7)
|
|
Patches: upstream: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145 |
||
xloadimage Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
disco |
Ignored
(reached end-of-life)
|
|
eoan |
Ignored
(reached end-of-life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(reached end-of-life)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |