Debian Security Advisory
DLA-2777-1 tiff -- LTS security update
- Date Reported: 03 Oct 2021
- Affected Packages: tiff
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2020-19131, CVE-2020-19144.
- More information:
Two security issues were found in TIFF, a widely used format for storing image data, as follows:
- CVE-2020-19131
  Buffer Overflow in LibTiff allows attackers to cause a denial of service via the "invertImage()" function in the component tiffcrop.
- CVE-2020-19144
  Buffer Overflow in LibTiff allows attackers to cause a denial of service via the _TIFFmemcpy function in the component tif_unix.c.
For Debian 9 stretch, these problems have been fixed in version 4.0.8-2+deb9u7.
We recommend that you upgrade your tiff packages.
For the detailed security status of tiff please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tiff
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS