Security Bulletin: Libtiff vulnerabilities affect IBM SmartCloud Entry

2020-07-19 00:49:12
www.ibm.com
Summary

IBM SmartCloud Entry is affected by multiple vulnerabilities in libtiff. An attacker could exploit these vulnerabilities to write data, cause a denial of service, execute arbitrary code, or crash the application.
CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320

Vulnerability Details

CVEID: CVE-2014-8127
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by out-of-bounds reads in multiple command-line tools. A remote attacker could exploit this vulnerability using specially crafted TIFF images to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101436 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-8129
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds access in tiff2pdf. A remote attacker could exploit this vulnerability using specially crafted TIFF images to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101451 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-8130
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a divide-by-zero in the tiffdither tool. A remote attacker could exploit this vulnerability using specially crafted TIFF images to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101453 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-9330
DESCRIPTION: LibTIFF could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in bmp2tiff. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99665 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2014-9655
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an error in the NeXTDecode function in tif_next.c and the putcontig8bitYCbCr21tile function in tif_getimage.c. By persuading a victim to open a specially crafted TIFF image file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112751 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-1547
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an error in the NeXTDecode function in tif_next.c. By persuading a victim to open a specially crafted TIFF image file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112668 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7554
DESCRIPTION: LibTIFF could allow a remote attacker to bypass security restrictions, caused by improper handling of the field_passcount variable in the _TIFFVGetField function in tif_dir.c. By supplying a specially crafted TIFF image, an attacker could exploit this vulnerability to write data out of bounds.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109280 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-8665
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds read in tif_getimage.c. A remote attacker could exploit this vulnerability using specially crafted TIFF images to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110074 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-8668
DESCRIPTION: LibTIFF could allow a remote attacker to execute arbitrary code on the system, caused by a heap-based buffer overflow in the PackBits encoder in tif_packbits.c when bmp2tiff processes a BMP image with an oversized width. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109279 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L)

CVEID: CVE-2015-8683
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds read in tif_getimage.c. A remote attacker could exploit this vulnerability using specially crafted TIFF images to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110075 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-8781
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in tif_luv.c. A remote attacker could exploit this vulnerability using specially crafted LogL-compressed TIFF images to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110369 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-8782
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in tif_luv.c. A remote attacker could exploit this vulnerability using specially crafted TIFF images to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110371 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-8783
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds read in tif_luv.c. A remote attacker could exploit this vulnerability using specially crafted TIFF images to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110372 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-8784
DESCRIPTION: LibTIFF could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the NeXTDecode() function. A remote attacker could exploit this vulnerability using specially crafted TIFF images to execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110614 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-3632
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in the _TIFFVGetField function. By persuading a victim to open a specially crafted image file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112109 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-3945
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by integer overflows in the cvt_by_strip and cvt_by_tile functions of the tiff2rgba tool that lead to an out-of-bounds write. By persuading a victim to open a specially crafted image file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112108 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-3990
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in the horizontalDifference8() function in the tiffcp tool. By persuading a victim to open a specially crafted image file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112169 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-3991
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in the loadImage() function in the tiffcrop tool. By persuading a victim to open a specially crafted image file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112168 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-5320
DESCRIPTION: LibTIFF could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the PixarLogDecode() function in tif_pixarlog.c. By persuading a victim to open a specially crafted TIFF image file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114300 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 6
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 6
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 6
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 21
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 21

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM SmartCloud Entry | 2.2 | None | IBM SmartCloud Entry 2.2.0 Appliance fix pack 7: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Starter+Kit+for+Cloud&fixids=2.2.0.4-IBM-SKC_APPL-FP007&source=SAR
IBM SmartCloud Entry | 2.3 | None | IBM SmartCloud Entry 2.3.0 Appliance fix pack 7: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.3.0.4-IBM-SCE_APPL-FP007&source=SAR
IBM SmartCloud Entry | 2.4 | None | IBM SmartCloud Entry 2.4.0 Appliance fix pack 7: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.4.0.4-IBM-SCE_APPL-FP007&source=SAR
IBM SmartCloud Entry | 3.1 | None | IBM SmartCloud Entry 3.1.0 Appliance fix pack 22: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP22&source=SAR
IBM SmartCloud Entry | 3.2 | None | IBM SmartCloud Entry 3.2.0 Appliance fix pack 22: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP22&source=SAR

Workarounds and Mitigations

None