Package "tiff"
| Name: |
tiff
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- TIFF manipulation and conversion tools
- TIFF manipulation and conversion tools
|
| Latest version: |
4.1.0+git191117-2ubuntu0.20.04.3 |
| Release: |
focal (20.04) |
| Level: |
security |
| Repository: |
universe |
Links
Other versions of "tiff" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
|
tiff (4.1.0+git191117-2ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: malloc failure in TIFF2RGBA tool
- debian/patches/CVE-2020-35522.patch: enforce (configurable) memory
limit in tools/tiff2rgba.c.
- CVE-2020-35522
* SECURITY UPDATE: null pointer in TIFFReadDirectory
- debian/patches/CVE-2022-0561.patch: add sanity check to ensure
pointer provided to memcpy is not null in libtiff/tif_dirread.c.
- CVE-2022-0561
* SECURITY UPDATE: null pointer in TIFFFetchStripThing
- debian/patches/CVE-2022-0562.patch: add sanity check to ensure
pointer provided to memcpy is not null in libtiff/tif_dirread.c.
- CVE-2022-0562
* SECURITY UPDATE: denial of service through assertion failure.
- debian/patches/CVE-2022-0865.patch: reset flags to initial state
when file has multiple IFD and when bit reversal is needed in
libtiff/tif_jbig.c.
- CVE-2022-0865
* SECURITY UPDATE: heap buffer overflow in ExtractImageSection
- debian/patches/CVE-2022-0891.patch: correct wrong formula for
image row size calculation in tools/tiffcrop.c.
- CVE-2022-0891
-- David Fernandez Gonzalez <email address hidden> Thu, 12 May 2022 17:05:25 +0200
|
| Source diff to previous version |
| CVE-2020-35522 |
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service |
| CVE-2022-0561 |
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 |
| CVE-2022-0562 |
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 coul |
| CVE-2022-0865 |
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff |
| CVE-2022-0891 |
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bou |
|
|
tiff (4.1.0+git191117-2ubuntu0.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: buffer overflow via TIFFTAG_PREDICTOR
- debian/patches/CVE-2020-19143.patch: TIFFTAG_PREDICTOR is not
supported for WebP in libtiff/tif_dirinfo.c, tools/tiffcp.c.
- CVE-2020-19143
-- Marc Deslauriers <email address hidden> Fri, 17 Sep 2021 09:14:04 -0400
|
| Source diff to previous version |
| CVE-2020-19143 |
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c' |
|
|
tiff (4.1.0+git191117-2ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: Integer overflow in tif_getimage.c
- debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
libtiff/tif_getimage.c.
- CVE-2020-35523
* SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
- debian/patches/CVE-2020-35524.patch: properly calculate datasize when
saving to JPEG YCbCr in tools/tiff2pdf.c.
- CVE-2020-35524
-- Marc Deslauriers <email address hidden> Thu, 25 Feb 2021 07:36:40 -0500
|
|
|
About
-
Send Feedback to @ubuntu_updates
