LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file ...
Multiple vulnerabilities have been discovered in the libtiff library and
the included tools, which may result in denial of service or the
execution of arbitrary code if malformed image files are processed.
For the stable distribution (stretch), these problems have been fixed in
version 4.0.8-2+deb9u4.
We recommend that you upgrade your tiff package ...
Debian Bug report logs - #891288
tiff: CVE-2018-7456: null pointer dereference
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 24 Feb 2018 09:27:02 UTC
Severity: important
Tags: fixed-upstream, security, upstream ...
Debian Bug report logs - #883320
tiff: CVE-2017-17095: heap-based buffer overflow in pal2rgb tool
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 2 Dec 2017 11:00:02 UTC
Severity: normal
Tags: security, upstream ...
Debian Bug report logs - #907795
tiff: CVE-2018-16335: heap-buffer-overflow
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 2 Sep 2018 09:00:02 UTC
Severity: important
Tags: security, upstream
Found in versions ...
Debian Bug report logs - #909037
tiff: CVE-2018-17101: Out-of-bounds Write in the tiff2bw and pal2rgb tools
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 17 Sep 2018 18:51:07 UTC
Severity: grave
Tags: patch, se ...
Debian Bug report logs - #909038
tiff: CVE-2018-17100: potential int32 overflow in multiply_ms() function
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 17 Sep 2018 18:57:01 UTC
Severity: grave
Tags: patch, secu ...
Debian Bug report logs - #911635
tiff: CVE-2018-18557: JBIG: fix potential out-of-bounds write in JBIGDecode()
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 22 Oct 2018 20:27:01 UTC
Severity: grave
Tags: patch, ...
Debian Bug report logs - #869823
tiff: CVE-2017-11613
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 26 Jul 2017 19:39:01 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Found in versions tiff/40 ...
In LibTIFF before 4.0.10, there is a denial of service vulnerability in the TIFFOpen function triggered by resource consumption via crafted input files. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMal ...