
[SECURITY] [DLA 2009-1] tiff security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tiff
Version        : 4.0.3-12.3+deb8u10
CVE ID         : CVE-2017-17095 CVE-2018-12900 CVE-2018-18661
                 CVE-2019-6128 CVE-2019-17546


Several issues have been found in tiff, a Tag Image File Format library.

CVE-2019-17546

     The RGBA interface contains an integer overflow that might lead
     to a heap buffer overflow write.

CVE-2019-6128

     A memory leak exists due to missing cleanup code.

CVE-2018-18661

     In case of exhausted memory there is a null pointer dereference
     in tiff2bw.

CVE-2018-12900

     Fix for a heap-based buffer overflow that could be used to crash an
     application or even to execute arbitrary code (with the permissions
     of the user running this application).

CVE-2017-17095

     A crafted tiff file could lead to a heap buffer overflow in pal2rgb.


For Debian 8 "Jessie", these problems have been fixed in version
4.0.3-12.3+deb8u10.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----