
[SECURITY] [DLA 1093-1] tiff security update



Package        : tiff
Version        : 4.0.2-6+deb7u16
CVE ID         : CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 CVE-2017-13727
Debian Bug     : 868513 872607 873880 873879


Several vulnerabilities have been discovered in the Tag Image File
Format (TIFF) library and its associated tools.

CVE-2017-11335

    A heap-based buffer overflow in the tiff2pdf tool, triggered by a
    PlanarConfig=Contig image, causes an out-of-bounds write (related to
    the ZIPDecode function). A crafted input may lead to a remote denial
    of service or to arbitrary code execution.

CVE-2017-12944

    Memory allocation for short (truncated) files is mishandled, which
    allows an attacker to cause a denial of service (allocation failure
    and application crash) during a tiff2pdf invocation.

CVE-2017-13726

    A reachable assertion can be triggered by a crafted input; the
    resulting abort leads to a remote denial of service.

CVE-2017-13727

    A second, independent reachable assertion can likewise be triggered
    by a crafted input; the resulting abort leads to a remote denial of
    service.

For Debian 7 "Wheezy", these problems have been fixed in version
4.0.2-6+deb7u16.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
