UbuntuUpdates.org

Package "libtiff5"

Name: libtiff5

Description:

Tag Image File Format (TIFF) library

Latest version: 4.0.9-5ubuntu0.7
Release: bionic (18.04)
Level: security
Repository: main
Head package: tiff
Homepage: http://libtiff.maptools.org

Other versions of "libtiff5" in Bionic

Repository Area Version
base main 4.0.9-5
updates main 4.0.9-5ubuntu0.7

Changelog

Version: 4.0.9-5ubuntu0.7 2022-09-20 10:07:06 UTC

  tiff (4.0.9-5ubuntu0.7) bionic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read error in tiffcrop
    - debian/patches/CVE-2020-19131.patch: fix invertImage() for bps 2 and 4.
    - CVE-2020-19131
  * SECURITY UPDATE: out-of-bounds read error when executing LogLuv
    compression routines
    - debian/patches/CVE-2020-19144.patch: LogLuvSetupEncode() error must
      return 0.
    - CVE-2020-19144
  * SECURITY UPDATE: buffer overflow issue in tiffcp tool
    - debian/patches/CVE-2022-1355.patch: tiffcp: avoid buffer overflow in
      "mode" string.
    - CVE-2022-1355
  * SECURITY UPDATE: Divide By Zero error in tiffcrop
    - debian/patches/CVE-2022-2056_2057_2058.patch: fix the FPE in tiffcrop
    - CVE-2022-2056
    - CVE-2022-2057
    - CVE-2022-2058

 -- Nishit Majithia <email address hidden> Fri, 16 Sep 2022 19:12:06 +0530

CVE-2020-19131 Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
CVE-2020-19144 Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' function in the component 'tif_unix.c'.
CVE-2022-1355 A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiff
CVE-2022-2056 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libti
CVE-2022-2057 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libti
CVE-2022-2058 Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libti

Version: 4.0.9-5ubuntu0.6 2022-09-12 09:07:04 UTC

  tiff (4.0.9-5ubuntu0.6) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL Pointer Dereference
    - debian/patches/CVE-2022-0907.patch: add checks for return value of
    limitMalloc in tools/tiffcrop.c.
    - debian/patches/CVE-2022-0908.patch: avoid
    calling memcpy() with a null source pointer and size of zero in
    libtiff/tif_dirread.c.
    - CVE-2022-0907
    - CVE-2022-0908
  * SECURITY UPDATE: floating point exception
    - debian/patches/CVE-2022-0909.patch: fix the FPE in tiffcrop by
    checking if variable is Nan in libtiff/tif_dir.c.
    - CVE-2022-0909
  * SECURITY UPDATE: heap buffer overflow in cpContigBufToSeparateBuf
    - debian/patches/CVE-2022-0924.patch: fix heap buffer overflow in
    tools/tiffcp.c.
    - CVE-2022-0924
  * SECURITY UPDATE: out-of-bounds with custom tag
    - debian/patches/CVE-2022-22844.patch: fix global-buffer-overflow
    for ASCII tags where count is required in tools/tiffset.c.
    - CVE-2022-22844

 -- David Fernandez Gonzalez <email address hidden> Thu, 08 Sep 2022 17:07:14 +0200

CVE-2022-0907 Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file
CVE-2022-0908 Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could le
CVE-2022-0909 Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libti
CVE-2022-0924 Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile lib
CVE-2022-22844 LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of th

Version: 4.0.9-5ubuntu0.5 2022-05-16 08:06:16 UTC

  tiff (4.0.9-5ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: malloc failure in TIFF2RGBA tool
    - debian/patches/CVE-2020-35522.patch: enforce (configurable) memory
      limit in tools/tiff2rgba.c.
    - CVE-2020-35522
  * SECURITY UPDATE: null pointer in TIFFReadDirectory
    - debian/patches/CVE-2022-0561.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0561
  * SECURITY UPDATE: null pointer in TIFFFetchStripThing
    - debian/patches/CVE-2022-0562.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0562
  * SECURITY UPDATE: denial of service through assertion failure.
    - debian/patches/CVE-2022-0865.patch: reset flags to initial state
      when file has multiple IFD and when bit reversal is needed in
      libtiff/tif_jbig.c.
    - CVE-2022-0865
  * SECURITY UPDATE: heap buffer overflow in ExtractImageSection
    - debian/patches/CVE-2022-0891.patch: correct wrong formula for
      image row size calculation in tools/tiffcrop.c.
    - CVE-2022-0891

 -- David Fernandez Gonzalez <email address hidden> Wed, 11 May 2022 17:09:42 +0200

CVE-2020-35522 In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service
CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0
CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 coul
CVE-2022-0865 Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff
CVE-2022-0891 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bou

Version: 4.0.9-5ubuntu0.4 2021-02-25 20:07:07 UTC

  tiff (4.0.9-5ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in tif_getimage.c
    - debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
      libtiff/tif_getimage.c.
    - CVE-2020-35523
  * SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
    - debian/patches/CVE-2020-35524.patch: properly calculate datasize when
      saving to JPEG YCbCr in tools/tiff2pdf.c.
    - CVE-2020-35524

 -- Marc Deslauriers <email address hidden> Thu, 25 Feb 2021 07:37:14 -0500

CVE-2020-35523 Integer overflow in tif_getimage.c
CVE-2020-35524 Heap-based buffer overflow in TIFF2PDF tool

Version: 4.0.9-5ubuntu0.3 2019-10-17 13:07:15 UTC

  tiff (4.0.9-5ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: incorrect integer overflow checks
    - debian/patches/CVE-2019-14973.patch: fix implementation-defined
      behaviour in libtiff/tif_aux.c, libtiff/tif_getimage.c,
      libtiff/tif_luv.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c,
      libtiff/tif_strip.c, libtiff/tif_tile.c, libtiff/tiffiop.h.
    - debian/libtiff5.symbols: added new symbols.
    - CVE-2019-14973
  * SECURITY UPDATE: heap-based buffer overflow via crafted RGBA image
    - debian/patches/CVE-2019-17546.patch: fix integer overflow in
      libtiff/tif_getimage.c.
    - CVE-2019-17546

 -- Marc Deslauriers <email address hidden> Wed, 16 Oct 2019 09:44:21 -0400

CVE-2019-14973 _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavio
CVE-2019-17546 tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-ba


