Debian Security Advisory
DSA-5333-1 tiff -- security update
- Date Reported:
- 29 Jan 2023
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 1011160, Bug 1014494, Bug 1022555, Bug 1024737, Bug 1029653.
In Mitre's CVE dictionary: CVE-2022-1354, CVE-2022-1355, CVE-2022-1622, CVE-2022-1623, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2953, CVE-2022-3570, CVE-2022-3597, CVE-2022-3599, CVE-2022-3627, CVE-2022-34526, CVE-2022-48281.
- More information:
Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
For the stable distribution (bullseye), these problems have been fixed in version 4.2.0-1+deb11u3.
We recommend that you upgrade your tiff packages.
For the detailed security status of tiff please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tiff