Synopsis
Moderate: libtiff security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libtiff is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scori ...
LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file ...
Multiple vulnerabilities have been discovered in the libtiff library
and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf
and tiffsplit, which may result in denial of service, memory disclosure
or the execution of arbitrary code
There were additional vulnerabilities in the tools bmp2tiff, gif2tiff,
thumbnail and ras2tiff, but si ...
Multiple flaws have been discovered in libtiff A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)
Multiple flaws have been discovered in variou ...
tools/tiffcpc in libtiff 406 has an out-of-bounds write on tiled images with odd tile width versus image width Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow" ...
Debian Bug report logs -
#820362
tiff: CVE-2016-3619: Memory corruption in DumpModeEncode triggered by crafted bmp file
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 7 Apr 2016 18:51:02 UTC
Severity: important ...
Debian Bug report logs -
#842361
CVE-2016-5652: heap based buffer overflow in tiff2pdf
Package:
tiff;
Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Raphael Hertzog <hertzog@debianorg>
Date: Fri, 28 Oct 2016 12:42:05 UTC
Severity: important
Tags: fixed-upstream, patch, security, upstr ...
Debian Bug report logs -
#820363
tiff: CVE-2016-3620: Out-of-bound read in ZIPEncode
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 7 Apr 2016 18:51:06 UTC
Severity: important
Tags: security, upstream
Found in ...
Debian Bug report logs -
#819972
tiff: CVE-2016-3186: buffer overflow in gif2tiff
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 4 Apr 2016 12:51:02 UTC
Severity: important
Tags: security, upstream, wontfix
Fo ...
Debian Bug report logs -
#842046
Multiple CVE: Remove tools dropped by upstream
Package:
tiff;
Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Raphael Hertzog <hertzog@debianorg>
Date: Tue, 25 Oct 2016 14:00:02 UTC
Severity: important
Tags: security
Found in version 402-6
Fixed in v ...
Debian Bug report logs -
#842270
CVE-2016-6223: information leak in libtiff/tif_readc
Package:
tiff;
Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Raphael Hertzog <hertzog@debianorg>
Date: Thu, 27 Oct 2016 14:30:01 UTC
Severity: important
Tags: fixed-upstream, patch, security, upstr ...
Debian Bug report logs -
#820364
tiff: CVE-2016-3621: Out-of-bounds Read in the bmp2tiff tool
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 7 Apr 2016 18:51:11 UTC
Severity: important
Tags: security, upstream
...
Debian Bug report logs -
#820366
tiff: CVE-2016-3631: Illegal read in the cpStrips and cpTiles function
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 7 Apr 2016 18:54:02 UTC
Severity: important
Tags: fixed-ups ...
It was found that tools/tiffcpc in libtiff 406 has an out-of-bounds heap write on tiled images with odd tile width versus image width This has also been reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow" ...
Vulmon