Candidate: CVE-2015-1547
PublicDate: 2016-04-13 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547
 http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
 http://www.openwall.com/lists/oss-security/2015/01/24/16
 http://www.openwall.com/lists/oss-security/2015/02/07/5
Description:
 The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers
 to cause a denial of service (uninitialized memory access) via a crafted
 TIFF image, as demonstrated by libtiff5.tif.
Ubuntu-Description:
Notes:
 mdeslaur> Fix included in CVE-2014-9655-2
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777390
Priority: medium
Discovered-by: Michal Zalewski
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_tiff:
upstream_tiff: needs-triage
lucid_tiff: released (3.9.2-2ubuntu0.15)
precise_tiff: released (3.9.5-2ubuntu1.7)
trusty_tiff: released (4.0.3-7ubuntu0.2)
trusty/esm_tiff: released (4.0.3-7ubuntu0.2)
utopic_tiff: released (4.0.3-10ubuntu0.1)
vivid_tiff: released (4.0.3-12.3ubuntu1)
vivid/stable-phone-overlay_tiff: released (4.0.3-12.3ubuntu1)
vivid/ubuntu-core_tiff: DNE
wily_tiff: not-affected (4.0.3-12.3ubuntu2)
devel_tiff: not-affected (4.0.6-1)