SB2025021407 - Multiple vulnerabilities in IBM Dynamic System Analysis (DSA) Preboot




Published: February 14, 2025

Security Bulletin ID: SB2025021407
Severity: High
Patch available: YES
Number of vulnerabilities: 25
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 40%, Medium: 12%, Low: 48%

Description

This security bulletin contains information about 25 security vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2018-8905)

The vulnerability allows a remote authenticated attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists in the LZWDecodeCompat function due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted TIFF file and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

2) Out-of-bounds write (CVE-ID: CVE-2014-8128)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted TIFF image, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.


3) Out-of-bounds write (CVE-ID: CVE-2015-7554)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error in the _TIFFVGetField() function in tif_dir.c in libtiff 4.0.6. A remote attacker can create a specially crafted TIFF image, trick the victim into opening it and execute arbitrary code on the target system.

4) Stack-based buffer overflow (CVE-ID: CVE-2016-10095)

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to a stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c. A remote attacker can send a specially crafted TIFF file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

5) Division by zero (CVE-ID: CVE-2016-10266)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide-by-zero error within LibTIFF 4.0.7. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.


6) Out-of-bounds write (CVE-ID: CVE-2016-3632)


The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code.

The weakness exists in the _TIFFVGetField function in tif_dirinfo.c due to an out-of-bounds write. A remote attacker can supply a specially crafted TIFF image and cause the service to crash or execute arbitrary code with elevated privileges.

7) Stack-based buffer overflow (CVE-ID: CVE-2016-5318)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the _TIFFVGetField function due to a stack-based buffer overflow. A remote attacker can submit a specially crafted TIFF file and cause the service to crash.

8) Remote code execution (CVE-ID: CVE-2016-8331)

The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.

The weakness exists due to improper handling of compressed TIFF images. By convincing the victim to open a file with specially crafted TIFF images, attackers can trigger a type confusion condition and execute arbitrary code.

Successful exploitation of the vulnerability results in arbitrary code execution.

9) Buffer overflow (CVE-ID: CVE-2016-9535)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."


10) Buffer overflow (CVE-ID: CVE-2016-9540)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."


11) Heap-based buffer overflow (CVE-ID: CVE-2017-5225)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in tools/tiffcp.c when processing images. A remote attacker can create an image with a specially crafted BitsPerSample value, trigger a heap-based buffer overflow and execute arbitrary code on the target system with the privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


12) NULL pointer dereference (CVE-ID: CVE-2018-7456)

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The vulnerability exists in the TIFFPrintDirectory function, defined in the tif_print.c source code file, due to a NULL pointer dereference. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it and cause the service to crash.


13) Improper input validation (CVE-ID: CVE-2017-11613)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the TIFFOpen function due to improper checking of td_imagelength during the TIFFOpen process. A remote attacker can cause the service to crash.

14) Memory corruption (CVE-ID: CVE-2017-9935)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the t2p_write_pdf function in tools/tiff2pdf.c due to heap-based buffer overflow. A remote attacker can submit a specially crafted TIFF document, trigger out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may result in system compromise.

15) Heap-based buffer overflow (CVE-ID: CVE-2018-16335)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a heap-based buffer overflow in newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c. A remote unauthenticated attacker can trick the victim into opening a specially crafted TIFF file, trigger memory corruption and cause the affected software to crash, resulting in a DoS condition.


16) Out-of-bounds read (CVE-ID: CVE-2018-17101)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an out-of-bounds read caused by insufficient validation of user-supplied input processed by the cpTags function, as defined in the tools/tiff2bw.c and tools/pal2rgb.c source code files. A remote unauthenticated attacker can trick the victim into opening or executing an image file that submits malicious input to the targeted system. A successful exploit could trigger memory corruption and cause the affected software to crash, resulting in a DoS condition.


17) Integer overflow (CVE-ID: CVE-2018-17100)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an int32 overflow caused by insufficient validation of user-supplied input processed by the multiply_ms() function, as defined in the tools/ppm2tiff.c source code file. A remote unauthenticated attacker can trick the victim into opening or executing an image file that submits malicious input to the targeted system. A successful exploit could trigger memory corruption and cause the affected software to crash, resulting in a DoS condition.


18) Heap-based buffer overflow (CVE-ID: CVE-2018-17795)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the t2p_write_pdf() function in the tiff2pdf.c file. A remote attacker can use a specially crafted TIFF file to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


19) Heap-based buffer overflow (CVE-ID: CVE-2015-8668)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error (heap-based buffer overflow) in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier. A remote attacker can use a large width field in a BMP image to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


20) Buffer overflow (CVE-ID: CVE-2016-5319)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists in tif_packbits.c. A remote attacker can create a specially crafted BMP file, trick the victim into opening it, trigger memory corruption and perform a denial of service attack.


21) Buffer over-read (CVE-ID: CVE-2017-17942)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a heap-based buffer over-read in the PackBitsEncode function in tif_packbits.c. A remote attacker can perform a denial of service attack.


22) Heap-based buffer over-read (CVE-ID: CVE-2018-10779)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in the TIFFWriteScanline function in the tif_write.c source code file due to insufficient validation of user-supplied input. A local attacker can use the bmp2tiff command to execute a specially crafted file, trigger a heap-based buffer over-read and cause the service to crash.


23) Heap-based buffer overflow (CVE-ID: CVE-2016-10092)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to a heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c when processing malicious input. A remote attacker can send a specially crafted image, trigger memory corruption and cause the service to crash.


24) Memory corruption (CVE-ID: CVE-2016-10093)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an integer overflow in tools/tiffcp.c when processing malicious input. A remote attacker can send a specially crafted image, trigger a heap-based buffer overflow and cause the service to crash.


25) Off-by-one error (CVE-ID: CVE-2016-10094)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c when processing malicious input. A remote attacker can send a specially crafted image and cause the service to crash.


Remediation

Install the update from the vendor's website.