Synopsis
Moderate: libtiff security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libtiff is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Multiple vulnerabilities have been discovered in the libtiff library and
the included tools, which may result in denial of service or the
execution of arbitrary code if malformed image files are processed.
For the stable distribution (stretch), these problems have been fixed in
version 4.0.8-2+deb9u4.
We recommend that you upgrade your tiff package ...
LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file ...
Debian Bug report logs -
#909037
tiff: CVE-2018-17101: Out-of-bounds Write in the tiff2bw and pal2rgb tools
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 17 Sep 2018 18:51:07 UTC
Severity: grave
Tags: patch, se ...
Debian Bug report logs -
#909038
tiff: CVE-2018-17100: potential int32 overflow in multiply_ms() function
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 17 Sep 2018 18:57:01 UTC
Severity: grave
Tags: patch, secu ...
Debian Bug report logs -
#911635
tiff: CVE-2018-18557: JBIG: fix potential out-of-bounds write in JBIGDecode()
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 22 Oct 2018 20:27:01 UTC
Severity: grave
Tags: patch, ...
Debian Bug report logs -
#869823
tiff: CVE-2017-11613
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 26 Jul 2017 19:39:01 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Found in versions tiff/40 ...
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file (CVE-2016-3186).
An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_write.c, which could lead to a heap-based buffer overflow in TIFFWriteScanline:tif_writ ...
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file ...