UbuntuUpdates.org

Package "tiff"

Name: tiff

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • TIFF manipulation and conversion tools
  • TIFF manipulation and conversion tools
Latest version: 4.5.1+git230720-4ubuntu2.4
Release: noble (24.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "tiff" in Noble

Repository Area Version
base universe 4.5.1+git230720-4ubuntu2
base main 4.5.1+git230720-4ubuntu2
security main 4.5.1+git230720-4ubuntu2.4
security universe 4.5.1+git230720-4ubuntu2.4
updates main 4.5.1+git230720-4ubuntu2.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.5.1+git230720-4ubuntu2.4 2025-09-29 19:07:05 UTC

  tiff (4.5.1+git230720-4ubuntu2.4) noble-security; urgency=medium

  * SECURITY UPDATE: Memory corruption.
    - debian/patches/CVE-2025-8961.patch: Add _TIFFfree and extra read_buff
      check in tools/tiffcrop.c.
    - CVE-2025-8961
  * SECURITY UPDATE: Memory leak.
    - debian/patches/CVE-2025-9165.patch: Add TIFFClose in tools/tiffcmp.c.
    - CVE-2025-9165
  * SECURITY UPDATE: Out of bounds write when processing specially crafted
    TIFF files.
    - debian/patches/CVE-2025-9900.patch: Add img->height and img->width
      checks in libtiff/tif_getimage.c.
    - CVE-2025-9900

 -- Hlib Korzhynskyy <email address hidden> Wed, 24 Sep 2025 15:26:31 -0230
Source diff to previous version
CVE-2025-8961 A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulat
CVE-2025-9165 A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tif
CVE-2025-9900 A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF imag

Version: 4.5.1+git230720-4ubuntu2.3 2025-08-20 20:56:31 UTC

  tiff (4.5.1+git230720-4ubuntu2.3) noble-security; urgency=medium

  * SECURITY UPDATE: null-pointer dereference
    - d/p/CVE-2025-8534.patch: tiff2ps: check return of TIFFGetFiled() to
      fix
    - CVE-2025-8534
  * SECURITY UPDATE: use-after-free issue
    - d/p/CVE-2025-8176.patch: fix heap use-after-free in tiffmedian
    - CVE-2025-8176
  * SECURITY UPDATE: stack-based buffer overflow
    - d/p/CVE-2025-8851.patch: address tiffcrop buffer overflow issues
    - CVE-2025-8851

 -- Nishit Majithia <email address hidden> Wed, 20 Aug 2025 15:54:11 +0530
Source diff to previous version
CVE-2025-8534 A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c
CVE-2025-8176 A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file
CVE-2025-8851 A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.

Version: 4.5.1+git230720-4ubuntu2.2 2024-09-09 14:07:09 UTC

  tiff (4.5.1+git230720-4ubuntu2.2) noble-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2024-7006.patch: adds check for the return value
      of _TIFFCreateAnonField() to handle potential NULL pointers in
      libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
    - CVE-2024-7006

 -- Ian Constantin <email address hidden> Thu, 05 Sep 2024 16:59:36 +0300
Source diff to previous version
CVE-2024-7006 A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures thro

Version: 4.5.1+git230720-4ubuntu2.1 2024-06-11 08:10:34 UTC

  tiff (4.5.1+git230720-4ubuntu2.1) noble-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in tiffcrop.c
    - debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
    - CVE-2023-3164

 -- Bruce Cable <email address hidden> Wed, 29 May 2024 15:09:58 +1000
CVE-2023-3164 A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw all


About   -   Send Feedback to @ubuntu_updates