UbuntuUpdates.org

Package "tiff"

Name: tiff

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Tag Image File Format library (TIFF), development files
  • TIFF manipulation and conversion documentation
  • Tag Image File Format (TIFF) library
  • Tag Image File Format library (TIFF), development files (transitional package)

Latest version: 4.0.10-4ubuntu0.1
Release: disco (19.04)
Level: security
Repository: main

Links

Save this URL for the latest version of "tiff": https://www.ubuntuupdates.org/tiff



Other versions of "tiff" in Disco

Repository Area Version
base main 4.0.10-4
base universe 4.0.10-4
security universe 4.0.10-4ubuntu0.1
updates universe 4.0.10-4ubuntu0.1
updates main 4.0.10-4ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.0.10-4ubuntu0.1 2019-10-17 13:07:21 UTC

  tiff (4.0.10-4ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: incorrect integer overflow checks
    - debian/patches/CVE-2019-14973.patch: fix implementation-defined
      behaviour in libtiff/tif_aux.c, libtiff/tif_getimage.c,
      libtiff/tif_luv.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c,
      libtiff/tif_strip.c, libtiff/tif_tile.c, libtiff/tiffiop.h.
    - debian/libtiff5.symbols: added new symbols.
    - CVE-2019-14973
  * SECURITY UPDATE: heap-based buffer overflow via crafted RGBA image
    - debian/patches/CVE-2019-17546.patch: fix integer overflow in
      libtiff/tif_getimage.c.
    - CVE-2019-17546

 -- Marc Deslauriers <email address hidden> Wed, 16 Oct 2019 09:09:34 -0400

CVE-2019-14973 _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavio
CVE-2019-17546 tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-ba



About   -   Send Feedback to @ubuntu_updates