Synopsis
Low: compat-libtiff3 security update
Type/Severity
Security Advisory: Low
Topic
An update for compat-libtiff3 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis
Moderate: libtiff security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libtiff is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file ...
Multiple vulnerabilities have been discovered in the libtiff library and
the included tools, which may result in denial of service or the
execution of arbitrary code if malformed image files are processed.
For the stable distribution (stretch), these problems have been fixed in
version 4.0.8-2+deb9u4.
We recommend that you upgrade your tiff package ...
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file (CVE-2016-3186).
An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_write.c, which could lead to a heap-based buffer overflow in TIFFWriteScanline:tif_writ ...
Debian Bug report logs - #891288
tiff: CVE-2018-7456: null pointer dereference
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 24 Feb 2018 09:27:02 UTC
Severity: important
Tags: fixed-upstream, security, upstream ...
Debian Bug report logs - #883320
tiff: CVE-2017-17095: heap-based buffer overflow in pal2rgb tool
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 2 Dec 2017 11:00:02 UTC
Severity: normal
Tags: security, upstream ...
Debian Bug report logs - #909037
tiff: CVE-2018-17101: Out-of-bounds Write in the tiff2bw and pal2rgb tools
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 17 Sep 2018 18:51:07 UTC
Severity: grave
Tags: patch, se ...
Debian Bug report logs - #909038
tiff: CVE-2018-17100: potential int32 overflow in multiply_ms() function
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 17 Sep 2018 18:57:01 UTC
Severity: grave
Tags: patch, secu ...
Debian Bug report logs - #911635
tiff: CVE-2018-18557: JBIG: fix potential out-of-bounds write in JBIGDecode()
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 22 Oct 2018 20:27:01 UTC
Severity: grave
Tags: patch, ...
Debian Bug report logs - #869823
tiff: CVE-2017-11613
Package: src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 26 Jul 2017 19:39:01 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Found in versions tiff/40 ...
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) ...
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) (CVE-2018-7456) ...
A null pointer dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF before 4.0.10 when using the tiffinfo tool to print crafted TIFF information ...