Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-716-1 tiff

Debian Security Advisory

DLA-716-1 tiff -- LTS security update

Date Reported:

22 Nov 2016

Affected Packages:

tiff

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 844013, Bug 844226, Bug 844057.
In Mitre's CVE dictionary: CVE-2016-9273, CVE-2016-9297, CVE-2016-9532.

More information:

Multiple memory corruption issues have been identified in libtiff and its associated tools.

• CVE-2016-9273

  Heap buffer overflow in cpStrips().

• CVE-2016-9297

  Read outside buffer in _TIFFPrintField().

• CVE-2016-9532

  Heap buffer overflow via writeBufferToSeparateStrips().

For Debian 7 Wheezy, these problems have been fixed in version 4.0.2-6+deb7u8.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS