Debian Security Advisory
DLA-2777-1 tiff -- LTS security update
- Date Reported:
- 03 Oct 2021
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-19131, CVE-2020-19144.
- More information:
Two security issues were found in TIFF, a widely used format for storing image data, as follows:
Buffer Overflow in LibTiff allows attackers to cause a denial of service via the "invertImage()" function in the component
Buffer Overflow in LibTiff allows attackers to cause a denial of service via the
in _TIFFmemcpyfuntion in the component
For Debian 9 stretch, these problems have been fixed in version 4.0.8-2+deb9u7.
We recommend that you upgrade your tiff packages.
For the detailed security status of tiff please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tiff
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS