Synopsis
Moderate: libtiff security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libtiff is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...
LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file ...
Multiple vulnerabilities have been discovered in the libtiff library and
the included tools, which may result in denial of service or the
execution of arbitrary code if malformed image files are processed
For the stable distribution (stretch), these problems have been fixed in
version 408-2+deb9u4
We recommend that you upgrade your tiff package ...
Buffer overflow in the readextension function in gif2tiffc in LibTIFF 406 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file(CVE-2016-3186)
An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_writec, which could lead to a heap-based buffer overflow in TIFFWriteScanline:tif_writ ...
Debian Bug report logs -
#893806
tiff: CVE-2018-8905: heap-based buffer overflow in LZWDecodeCompat
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 22 Mar 2018 16:09:01 UTC
Severity: important
Tags: fixed-upstrea ...
Debian Bug report logs -
#898348
tiff: CVE-2018-10963
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 10 May 2018 15:42:02 UTC
Severity: important
Tags: fixed-upstream, security, upstream
Found in versions tiff/ ...
Debian Bug report logs -
#909037
tiff: CVE-2018-17101: Out-of-bounds Write in the tiff2bw and pal2rgb tools
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 17 Sep 2018 18:51:07 UTC
Severity: grave
Tags: patch, se ...
Debian Bug report logs -
#909038
tiff: CVE-2018-17100: potential int32 overflow in multiply_ms() function
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 17 Sep 2018 18:57:01 UTC
Severity: grave
Tags: patch, secu ...
Debian Bug report logs -
#911635
tiff: CVE-2018-18557: JBIG: fix potential out-of-bounds write in JBIGDecode()
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Mon, 22 Oct 2018 20:27:01 UTC
Severity: grave
Tags: patch, ...
Debian Bug report logs -
#869823
tiff: CVE-2017-11613
Package:
src:tiff;
Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Wed, 26 Jul 2017 19:39:01 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Found in versions tiff/40 ...
Buffer overflow in the readextension function in gif2tiffc in LibTIFF 406 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file(CVE-2016-3186)
An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_writec, which could lead to a heap-based buffer overflow in TIFFWriteScanline:tif_writ ...
In LibTIFF 409, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzwc via a crafted TIFF file, as demonstrated by tiff2ps ...
In LibTIFF before 4010, a heap-based buffer overflow (out-of-bounds write) occurs in the function LZWDecodeCompat in tif_lzwc via a crafted TIFF file, as demonstrated by the tiff2ps tool ...
Vulmon