Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-3762-1 tiff -- security update

Related Vulnerabilities: CVE-2016-3622   CVE-2016-3623   CVE-2016-3624   CVE-2016-3945   CVE-2016-3990   CVE-2016-3991   CVE-2016-5314   CVE-2016-5315   CVE-2016-5316   CVE-2016-5317   CVE-2016-5321   CVE-2016-5322   CVE-2016-5323   CVE-2016-5652   CVE-2016-6223   CVE-2016-9273   CVE-2016-9297   CVE-2016-9448   CVE-2016-9453   CVE-2016-9532   CVE-2016-9533   CVE-2016-9534   CVE-2016-9536   CVE-2016-9537   CVE-2016-9538   CVE-2016-9540   CVE-2016-10092   CVE-2016-10093   CVE-2016-10094  

Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code. There were additional vulnerabilities in the tools bmp2tiff, gif2tiff, thumbnail and ras2tiff, but since these were addressed by the libtiff developers by removing the tools altogether, no patches are available and those tools were also removed from the tiff package in Debian stable. The change had already been made in Debian stretch before and no applications included in Debian are known to rely on these scripts. If you use those tools in custom setups, consider using a different conversion/thumbnailing tool. For the stable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u2. For the testing distribution (stretch), these problems have been fixed in version 4.0.7-4. For the unstable distribution (sid), these problems have been fixed in version 4.0.7-4. We recommend that you upgrade your tiff packages.

Source

Debian Security Advisory

DSA-3762-1 tiff -- security update

Date Reported:
13 Jan 2017
Affected Packages:
tiff
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2016-3622, CVE-2016-3623, CVE-2016-3624, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317, CVE-2016-5321, CVE-2016-5322, CVE-2016-5323, CVE-2016-5652, CVE-2016-6223, CVE-2016-9273, CVE-2016-9297, CVE-2016-9448, CVE-2016-9453, CVE-2016-9532, CVE-2016-9533, CVE-2016-9534, CVE-2016-9536, CVE-2016-9537, CVE-2016-9538, CVE-2016-9540, CVE-2016-10092, CVE-2016-10093, CVE-2016-10094.
More information:

Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in denial of service, memory disclosure or the execution of arbitrary code.

There were additional vulnerabilities in the tools bmp2tiff, gif2tiff, thumbnail and ras2tiff, but since these were addressed by the libtiff developers by removing the tools altogether, no patches are available and those tools were also removed from the tiff package in Debian stable. The change had already been made in Debian stretch before and no applications included in Debian are known to rely on these scripts. If you use those tools in custom setups, consider using a different conversion/thumbnailing tool.

For the stable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u2.

For the testing distribution (stretch), these problems have been fixed in version 4.0.7-4.

For the unstable distribution (sid), these problems have been fixed in version 4.0.7-4.

We recommend that you upgrade your tiff packages.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started