SB2025021420 - Multiple vulnerabilities in IBM Dynamic System Analysis (DSA) Preboot

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Null pointer dereference (CVE-ID: CVE-2018-18661)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. A remote attacker can trick the victim into opening a specially crafted input, trigger NULL pointer dereference and cause the service to crash.

2) Heap-based buffer overflow (CVE-ID: CVE-2018-12900)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c. A remote unauthenticated attacker can trick the victim into opening a specially crafted TIFF file that can trigger memory corruption and cause the service to crash.

3) Improper input validation (CVE-ID: CVE-2017-9147)

The vulnerability allows a remote attacker to cause DoS condition.

The weakness exits due to invalid read in the _TIFFVGetField function in tif_dir.c. A remote attacker can send specially crafted TIFF file and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

4) Heap-based buffer over-read (CVE-ID: CVE-2017-9117)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in bmp2tiff due to heap-based buffer over-read when the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input. A remote attacker can trigger memory corruption and cause the service to crash.

5) Out-of-bounds read (CVE-ID: CVE-2016-9273)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.

6) Out-of-bounds read (CVE-ID: CVE-2016-3621)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used,. A remote attacker can perform a denial of service (buffer over-read) via a crafted BMP image.

7) Out-of-bounds read (CVE-ID: CVE-2016-3620)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF, when the "-c zip" option is used. A remote attacker can perform a denial of service (buffer over-read) by sending a crafted BMP image.

8) Out-of-bounds read (CVE-ID: CVE-2016-3619)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used,. A remote attacker can perform a denial of service (buffer over-read) via a crafted BMP image.

9) Integer overflow (CVE-ID: CVE-2015-8870)

The vulnerability allows a remote attacker to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory.

The vulnerability exists in tools/bmp2tiff.c in LibTIFF. A remote attacker can pass specially crafted width and length values in RLE4 or RLE8 data in a BMP file to the application, trigger integer overflow and cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/882120