| Summary: | libtiff new security issue CVE-2023-3164 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | libtiff-4.5.1-1.3.mga9.src.rpm | CVE: | CVE-2023-3164 |
| Status comment: | |||
Description
Nicolas Salguero
2024-06-04 10:47:10 CEST
Nicolas Salguero
2024-06-04 10:48:16 CEST
Source RPM: (none) => libtiff-4.5.1-1.3.mga9.src.rpm

Suggested advisory:
========================

The updated packages fix a security vulnerability:

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. (CVE-2023-3164)

References:
https://lists.suse.com/pipermail/sle-security-updates/2024-June/018642.html
========================

Updated packages in core/updates_testing:
========================
lib(64)tiff6-4.5.1-1.4.mga9
lib(64)tiff-devel-4.5.1-1.4.mga9
lib(64)tiff-static-devel-4.5.1-1.4.mga9
libtiff-progs-4.5.1-1.4.mga9

from SRPM:
libtiff-4.5.1-1.4.mga9.src.rpm

Assignee: bugsquad => qa-bugs
katnatek
2024-06-04 18:37:22 CEST
Keywords: (none) => advisory

RH mageia 9 x86_64
Install current libtiff-progs
Download one POC
Run test command
tiffcrop -R 270 -S 4:2 -O l -e d -U cm -m 1,2,3,4 -i libtiffpoc1 /dev/null
TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
TIFFReadDirectory: Warning, Unknown field with tag 59649 (0xe901) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 509 (0x1fd) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 501 (0x1f5) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 7442 (0x1d12) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 32552 (0x7f28) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 48602 (0xbdda) encountered.
TIFFReadDirectory: Warning, Unknown field with tag 24000 (0x5dc0) encountered.
TIFFFetchNormalTag: Warning, Sanity check on size of "Tag 59649" value failed; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "DocumentName"; tag ignored.
TIFFFetchNormalTag: Warning, IO error during reading of "Tag 7442"; tag ignored.
TIFFFetchNormalTag: Defined set_field_type of custom tag 32552 (Tag 32552) is TIFF_SETGET_UNDEFINED and thus tag is not read from file.
TIFFFetchNormalTag: Defined set_field_type of custom tag 48602 (Tag 48602) is TIFF_SETGET_UNDEFINED and thus tag is not read from file.
TIFFFetchNormalTag: Defined set_field_type of custom tag 24000 (Tag 24000) is TIFF_SETGET_UNDEFINED and thus tag is not read from file.
TIFFReadDirectory: Warning, Bogus "StripByteCounts" field, ignoring and calculating from imagelength.
TIFFAdvanceDirectory: Error fetching directory count.
loadImage: Image lacks Photometric interpretation tag.
computeOutputPixelOffsets: Number of user input section rows down (2) was changed to (6).
computeOutputPixelOffsets: Number of user input section cols across (4) was changed to (2).
TIFFOpen: /dev/null-001.tiff: Permission denied.
update_output_file: Unable to open output file /dev/null-001.tiff.
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing libtiff-progs-4.5.1-1.4.mga9.x86_64.rpm lib64tiff6-4.5.1-1.4.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/2: lib64tiff6 ##################################################################################################
2/2: libtiff-progs ##################################################################################################
1/2: removing libtiff-progs-4.5.1-1.3.mga9.x86_64
##################################################################################################
2/2: removing lib64tiff6-4.5.1-1.3.mga9.x86_64
##################################################################################################
writing /var/lib/rpm/installed-through-deps.list
The output of the test command is still the same; I assume this is because it is not built with address sanitizer
strace gimp shows the library is opened
openat(AT_FDCWD, "/lib64/libtiff.so.6", O_RDONLY|O_CLOEXEC) = 3
gimp starts without issues

CC: (none) => andrewsfarm

MGA9-64 Plasma Wayland on HP-Pavilion
No installation issues
Tested according to QA procedure and previous updates:
$ tiff2pdf voss2.tiff > test.pdf
pdf file opens OK, picture displays OK
$ tiffinfo voss2.tiff
=== TIFF directory 0 ===
TIFF Directory at offset 0x13d9588 (20813192)
  Image Width: 3248 Image Length: 2136
  Resolution: 2400, 2400 pixels/inch
  Position: 0, 0
  Bits/Sample: 8
  Compression Scheme: None
  Photometric Interpretation: RGB color
  FillOrder: msb-to-lsb
  Orientation: row 0 top, col 0 lhs
  Samples/Pixel: 3
  Rows/Strip: 96
  Planar Configuration: single image plane
  Page Number: 0-1
  White Point: 0.3127-0.329
  PrimaryChromaticities: 0.640000,0.330000,0.300000,0.600000,0.150000,0.060000
$ gimp voss2.tiff
Image opens OK and I can do some manipulations.
Good enough for me

CC: (none) => herman.viaene

Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0213.html

Resolution: (none) => FIXED
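
The tiffcrop test command in this thread printed the same output before and after the update, so the installed build is what tells a patched host from an unpatched one. The following is an added example, not part of the bug report or of Mageia's tooling: it classifies libtiff package builds against the fixed build 4.5.1-1.4.mga9 named in the advisory. The function names are hypothetical, and `sort -V` is assumed to be an adequate stand-in for rpm's own version comparison for strings of this shape.

```shell
# Fixed build, taken from "Updated packages in core/updates_testing" above.
FIXED_VR="4.5.1-1.4.mga9"

# vr_ge A B: succeed when version-release A >= B.
# Assumption: GNU `sort -V` ordering approximates rpm's comparison; it agrees
# with rpm for plain dotted numeric strings such as the ones in this thread.
vr_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify NAME VERSION-RELEASE: print "NAME VR fixed" or "NAME VR vulnerable".
classify() {
    name=$1 vr=$2
    if vr_ge "$vr" "$FIXED_VR"; then
        echo "$name $vr fixed"
    else
        echo "$name $vr vulnerable"
    fi
}

# check_lines: read "NAME VERSION-RELEASE" pairs on stdin, classify each one,
# and return non-zero if any package is still below the fixed build.
check_lines() {
    rc=0
    while read -r name vr; do
        [ -n "$name" ] || continue
        classify "$name" "$vr"
        vr_ge "$vr" "$FIXED_VR" || rc=1
    done
    return $rc
}

# On a Mageia 9 host, feed it the real package database:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' lib64tiff6 libtiff-progs | check_lines

# Constructed sample input: the before/after builds mentioned in the thread.
sample_before='lib64tiff6 4.5.1-1.3.mga9
libtiff-progs 4.5.1-1.3.mga9'
sample_after='lib64tiff6 4.5.1-1.4.mga9
libtiff-progs 4.5.1-1.4.mga9'

printf '%s\n' "$sample_before" | check_lines || echo "=> update required"
printf '%s\n' "$sample_after"  | check_lines && echo "=> all packages at fixed build"
```

The non-zero exit status of `check_lines` makes it usable as a gate in a fleet audit or configuration-management check.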