CVE-2017-13727

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...

Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code For the oldstable distribution (jessie), these problems have been fixed in version 403-123+deb8u5 For the stable distribution (stretch), these problems have been fixed in version ...

Debian Bug report logs - #866109 tiff: CVE-2017-9935: Heap-based buffer overflow in t2p_write_pdf Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 27 Jun 2017 12:21:01 UTC Severity: grave Tags: fixed-upstream, sec ...

Debian Bug report logs - #873879 tiff: CVE-2017-13727 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Aug 2017 20:21:04 UTC Severity: important Tags: patch, security, upstream Found in version tiff/403-123 ...

Debian Bug report logs - #873880 tiff: CVE-2017-13726 Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Aug 2017 20:33:01 UTC Severity: important Tags: patch, security, upstream Found in version tiff/403-123 ...

There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 408, related to tif_dirwritec and a SubIFD tag A crafted input will lead to a remote denial of service attack ...