### Key Information

#### Vulnerability Overview

- **Name**: CVE-2015-7313
- **Description**: LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted TIFF file.
- **Source**: CVE (at NVD, CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, etc.)
- **Debian Bugs**: 800124

#### Affected and Fixed Packages

| Source Package | Release | Version | Status |
|----------------|---------|---------|--------|
| tiff (PTS) | bullseye | 4.2.0-1+deb11u5 | fixed |
| | bullseye (security) | 4.2.0-1+deb11u6 | fixed |
| | bookworm | 4.5.0-6+deb12u2 | fixed |
| | bookworm (security) | 4.5.0-6+deb12u1 | fixed |
| | trixie | 4.7.0-3 | fixed |
| | forky, sid | 4.7.0-4 | fixed |

#### Fixed Version Information

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---------|------|---------|---------------|---------|--------|-------------|
| tiff | source | squeeze | (not affected) | - | - | - |
| tiff | source | wheezy | (not affected) | - | - | - |
| tiff | source | (unstable) | 4.0.7-1 | - | - | 800124 |
| tiff3 | source | wheezy | (not affected) | - | - | - |
| tiff3 | source | (unstable) | (unfixed) | - | - | - |

#### Notes

- [jessie] - tiff (Minor issue)
- [wheezy] - tiff (Can't reproduce)
- [squeeze] - tiff (Can't reproduce the issue, file is rejected with "Integer overflow in TIFFVStripSize" and "cannot handle")
- [wheezy] - tiff3 (Can't reproduce the issue, file is rejected with "Integer overflow in TIFFVStripSize" and "cannot handle")
- Test file: https://marc.info/?l=oss-security&m=144284777006804&q=p6
- Reproduced with "ltrace -e realloc tiffdither /tmp/oom.tif /dev/null"; the trace ends with "libtiff.so.5->realloc(0, 1636178024)"