Debian Security Advisory
DLA-877-1 tiff -- LTS security update
- Date Reported:
- 28 Mar 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-10266, CVE-2016-10267, CVE-2016-10268, CVE-2016-10269.
- More information:
libtiff is vulnerable to multiple buffer overflows and integer overflows that can lead to application crashes (denial of service) or worse.
Integer overflow that can lead to divide-by-zero in TIFFReadEncodedStrip (tif_read.c).
Divide-by-zero error in OJPEGDecodeRaw (tif_ojpeg.c). CVE-2016-10268
Heap-based buffer overflow in TIFFReverseBits (tif_swab.c).
Heap-based buffer overflow in _TIFFmemcpy (tif_unix.c).
For Debian 7
Wheezy, these problems have been fixed in version 4.0.2-6+deb7u11.
We recommend that you upgrade your tiff packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS