UbuntuUpdates.org

Package "tiff"

Name: tiff

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • TIFF manipulation and conversion documentation
  • Tag Image File Format (TIFF) library
  • Tag Image File Format library (TIFF), development files
  • Tag Image File Format (TIFF) library -- C++ interface

Latest version: 4.0.6-1ubuntu0.8
Release: xenial (16.04)
Level: security
Repository: main

Other versions of "tiff" in Xenial

Repository   Area       Version
base         main       4.0.6-1
base         universe   4.0.6-1
security     universe   4.0.6-1ubuntu0.8
updates      universe   4.0.6-1ubuntu0.8
updates      main       4.0.6-1ubuntu0.8

Changelog

Version: 4.0.6-1ubuntu0.3 2018-03-20 19:06:43 UTC

  tiff (4.0.6-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in tif_read.c
    - debian/patches/CVE-2016-10266.patch: fix uint32 overflow in
      libtiff/tif_read.c, libtiff/tiffiop.h.
    - CVE-2016-10266
  * SECURITY UPDATE: DoS in tif_ojpeg.c
    - debian/patches/CVE-2016-10267.patch: make OJPEGDecode() early exit in
      case of failure in libtiff/tif_ojpeg.c.
    - CVE-2016-10267
  * SECURITY UPDATE: DoS in tif_unix.c
    - debian/patches/CVE-2016-10268.patch: avoid uint32 underflow in
      cpDecodedStrips in tools/tiffcp.c.
    - CVE-2016-10268
  * SECURITY UPDATE: DoS in tif_unix.c
    - debian/patches/CVE-2016-10269.patch: fix heap-based buffer overflow
      in libtiff/tif_luv.c, libtiff/tif_pixarlog.c.
    - CVE-2016-10269
  * SECURITY UPDATE: DoS in TIFFWriteDirectoryTagCheckedRational
    - debian/patches/CVE-2016-10371.patch: replace assertion by runtime
      check in libtiff/tif_dirwrite.c, tools/tiffcrop.c.
    - CVE-2016-10371
  * SECURITY UPDATE: DoS in putagreytile function
    - debian/patches/CVE-2017-7592.patch: add explicit uint32 cast in
      libtiff/tif_getimage.c.
    - CVE-2017-7592
  * SECURITY UPDATE: information disclosure in tif_read.c
    - debian/patches/CVE-2017-7593.patch: use _TIFFcalloc() to zero in
      libtiff/tif_read.c, libtiff/tif_unix.c, libtiff/tif_vms.c,
      libtiff/tif_win32.c, libtiff/tiffio.h.
    - CVE-2017-7593
  * SECURITY UPDATE: DoS in OJPEGReadHeaderInfoSecTablesDcTable
    - debian/patches/CVE-2017-7594-1.patch: fix leak in
      libtiff/tif_ojpeg.c.
    - debian/patches/CVE-2017-7594-2.patch: fix another leak in
      libtiff/tif_ojpeg.c.
    - CVE-2017-7594
  * SECURITY UPDATE: DoS in JPEGSetupEncode
    - debian/patches/CVE-2017-7595.patch: avoid integer division by zero in
      libtiff/tif_jpeg.c.
    - CVE-2017-7595
  * SECURITY UPDATE: DoS via undefined behaviour
    - debian/patches/CVE-2017-7596_7597_7599_7600.patch: avoid undefined
      behaviour in libtiff/tif_dir.c, libtiff/tif_dirread.c,
      libtiff/tif_dirwrite.c.
    - CVE-2017-7596
    - CVE-2017-7597
    - CVE-2017-7599
    - CVE-2017-7600
  * SECURITY UPDATE: DoS via divide-by-zero
    - debian/patches/CVE-2017-7598.patch: avoid division by floating point
      0 in libtiff/tif_dirread.c.
    - CVE-2017-7598
  * SECURITY UPDATE: DoS via undefined behaviour
    - debian/patches/CVE-2017-7601.patch: validate BitsPerSample in
      libtiff/tif_jpeg.c.
    - CVE-2017-7601
  * SECURITY UPDATE: signed integer overflow
    - debian/patches/CVE-2017-7602.patch: avoid potential undefined
      behaviour in libtiff/tif_read.c.
    - CVE-2017-7602
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9403_9815.patch: fix memory leak in
      libtiff/tif_dirread.c, tools/tiff2ps.c.
    - CVE-2017-9403
    - CVE-2017-9815
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9404.patch: fix potential memory leak in
      libtiff/tif_ojpeg.c.
    - CVE-2017-9404
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9936.patch: fix memory leak in
      libtiff/tif_jbig.c.
    - CVE-2017-9936
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-10688.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-10688
  * SECURITY UPDATE: heap overflow in tiff2pdf.c
    - debian/patches/CVE-2017-11335.patch: prevent heap buffer overflow
      write in tools/tiff2pdf.c.
    - CVE-2017-11335
  * SECURITY UPDATE: DoS in TIFFReadDirEntryArray
    - debian/patches/CVE-2017-12944.patch: add protection against excessive
      memory allocation attempts in libtiff/tif_dirread.c.
    - CVE-2017-12944
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-13726.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-13726
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-13727.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-13727
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2017-18013.patch: fix null pointer dereference in
      libtiff/tif_print.c.
    - CVE-2017-18013
  * SECURITY UPDATE: DoS via resource consumption
    - debian/patches/CVE-2018-5784.patch: fix infinite loop in
      contrib/addtiffo/tif_overview.c, tools/tiff2pdf.c, tools/tiffcrop.c.
    - CVE-2018-5784

 -- Marc Deslauriers <email address hidden> Tue, 20 Mar 2018 08:00:42 -0400

CVE-2016-10266 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to
CVE-2016-10267 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to
CVE-2016-10268 tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly
CVE-2016-10269 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a craf
CVE-2016-10371 The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion
CVE-2017-7592 The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a
CVE-2017-7593 tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive informat
CVE-2017-7594 The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) v
CVE-2017-7595 The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and applicati
CVE-2017-7596 LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause
CVE-2017-7597 tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote at
CVE-2017-7599 LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause
CVE-2017-7600 LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers t
CVE-2017-7598 tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted i
CVE-2017-7601 LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of
CVE-2017-7602 LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have uns
CVE-2017-9403 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause
CVE-2017-9815 In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a d
CVE-2017-9404 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to
CVE-2017-9936 In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service att
CVE-2017-10688 In LibTIFF 4.0.8, there is an assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a
CVE-2017-11335 There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred byte
CVE-2017-12944 The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to caus
CVE-2017-13726 There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted
CVE-2017-13727 There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A cr
CVE-2017-18013 In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
CVE-2018-5784 In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this v

Version: 4.0.6-1ubuntu0.2 2017-05-30 14:06:47 UTC

  tiff (4.0.6-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY REGRESSION: JPEG tiff read and write issue due to misapplied
    patches (LP: #1670036)
    - debian/patches/CVE-2016-9297_and_CVE-2016-9448_correct.patch: replace
      two previous patches with one that applies fix to correct location.
    - Thanks to John Cupitt and Even Rouault

 -- Marc Deslauriers <email address hidden> Mon, 29 May 2017 07:33:56 -0400

1670036 Misapplied patches in 4.0.6-2ubuntu0.1 break reading and writing JPEG compressed files
CVE-2016-9297 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C1
CVE-2016-9448 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting

Version: 4.0.6-1ubuntu0.1 2017-02-27 19:06:59 UTC

  tiff (4.0.6-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted field data in an extension tag
    - debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.c.
    - CVE-2015-7554
  * SECURITY UPDATE: DoS and possible code execution via large width field
    in a BMP image
    - debian/patches/CVE-2015-8668.patch: properly calculate size in
      tools/bmp2tiff.c.
    - CVE-2015-8668
  * SECURITY UPDATE: heap-buffer-overflow in tiffcrop
    - debian/patches/CVE-2016-10092.patch: properly increment buffer in
      tools/tiffcrop.c.
    - CVE-2016-10092
  * SECURITY UPDATE: heap-based buffer overflow in tiffcp
    - debian/patches/CVE-2016-10093.patch: fix uint32 underflow/overflow
      in tools/tiffcp.c.
    - CVE-2016-10093
  * SECURITY UPDATE: off-by-one error in tiff2pdf
    - debian/patches/CVE-2016-10094.patch: fix count in tools/tiff2pdf.c.
    - CVE-2016-10094
  * SECURITY UPDATE: DoS in tiff2rgba tool
    - debian/patches/CVE-2016-3622.patch: enforce bits-per-sample in
      libtiff/tif_getimage.c, libtiff/tif_predict.c.
    - CVE-2016-3622
  * SECURITY UPDATE: DoS in rgb2ycbcr tool
    - debian/patches/CVE-2016-3623.patch: validate parameters in
      tools/rgb2ycbcr.c.
    - CVE-2016-3623
    - CVE-2016-3624
  * SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
    - debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in
      tools/thumbnail.c.
    - CVE-2016-3632
    - CVE-2016-8331
  * SECURITY UPDATE: DoS via out-of-bounds read
    - debian/patches/CVE-2016-3658.patch: properly handle SamplesPerPixel
      change in libtiff/tif_dir.c, avoid null pointer dereference in
      libtiff/tif_dirwrite.c
    - CVE-2016-3658
  * SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
    - debian/patches/CVE-2016-3945.patch: fix integer overflow in
      tools/tiff2rgba.c.
    - CVE-2016-3945
  * SECURITY UPDATE: DoS and possible code execution via overflow in
    horizontalDifference8 function
    - debian/patches/CVE-2016-3990.patch: add check to
      libtiff/tif_pixarlog.c.
    - CVE-2016-3990
  * SECURITY UPDATE: DoS and possible code execution in tiffcrop
    - debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
    - CVE-2016-3991
    - CVE-2016-5322
  * SECURITY UPDATE: PixarLogDecode() out-of-bound writes
    - debian/patches/CVE-2016-5314.patch: check size in
      libtiff/tif_pixarlog.c.
    - CVE-2016-5314
    - CVE-2016-5315
    - CVE-2016-5316
    - CVE-2016-5317
    - CVE-2016-5320
    - CVE-2016-5875
  * SECURITY UPDATE: DoS in DumpModeDecode function
    - debian/patches/CVE-2016-5321.patch: limit number of samples in
      tools/tiffcrop.c.
    - CVE-2016-5321
  * SECURITY UPDATE: DoS in _TIFFFax3fillruns function
    - debian/patches/CVE-2016-5323.patch: limit number of samples in
      tools/tiffcrop.c.
    - CVE-2016-5323
  * SECURITY UPDATE: DoS and possible code execution in tiff2pdf
    - debian/patches/CVE-2016-5652.patch: properly handle markers in
      tools/tiff2pdf.c.
    - CVE-2016-5652
  * SECURITY UPDATE: DoS and info disclosure via negative index
    - debian/patches/CVE-2016-6223.patch: properly handle stripoffset in
      libtiff/tif_read.c.
    - CVE-2016-6223
  * SECURITY UPDATE: DoS in tiffsplit
    - debian/patches/CVE-2016-9273.patch: don't recompute value in
      libtiff/tif_strip.c.
    - CVE-2016-9273
  * SECURITY UPDATE: DoS via crafted tag values
    - debian/patches/CVE-2016-9297.patch: NULL-terminate values in
      libtiff/tif_dirread.c.
    - CVE-2016-9297
  * SECURITY UPDATE: DoS caused by CVE-2016-9297
    - debian/patches/CVE-2016-9448.patch: check for NULL in
      libtiff/tif_dirread.c.
    - CVE-2016-9448
  * SECURITY UPDATE: DoS and possible code execution via TIFFTAG_JPEGTABLES
    of length one
    - debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
    - CVE-2016-9453
  * SECURITY UPDATE: integer overflow in writeBufferToSeparateStrips
    - debian/patches/CVE-2016-9532.patch: check for overflows in
      tools/tiffcrop.c.
    - CVE-2016-9532
  * SECURITY UPDATE: multiple out-of-bounds writes issues
    - debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in
      libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c,
      tools/tiffcrop.c.
    - CVE-2016-9533
    - CVE-2016-9534
    - CVE-2016-9536
    - CVE-2016-9537
  * SECURITY UPDATE: assertion failure via unusual tile size
    - debian/patches/CVE-2016-9535-1.patch: replace assertions with
      runtime checks in libtiff/tif_predict.c, libtiff/tif_predict.h.
    - debian/patches/CVE-2016-9535-2.patch: fix memory leaks in
      libtiff/tif_predict.c.
    - CVE-2016-9535
  * SECURITY UPDATE: integer overflow in tiffcrop
    - debian/patches/CVE-2016-9538.patch: fix undefined variable reads in
      tools/tiffcp.c, tools/tiffcrop.c.
    - CVE-2016-9538
  * SECURITY UPDATE: out-of-bounds read in tiffcrop
    - debian/patches/CVE-2016-9539.patch: check size in tools/tiffcrop.c.
    - CVE-2016-9539
  * SECURITY UPDATE: out-of-bounds write via odd tile width versus image
    width
    - debian/patches/CVE-2016-9540.patch: check bounds in tools/tiffcp.c.
    - CVE-2016-9540
  * SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
    - debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
    - CVE-2017-5225

 -- Marc Deslauriers <email address hidden> Fri, 24 Feb 2017 10:46:03 -0500

CVE-2015-7554 The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly
CVE-2015-8668 Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to ex
CVE-2016-1009 Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous befo
CVE-2016-3622 The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-b
CVE-2016-3623 The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h p
CVE-2016-3624 The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) b
CVE-2016-3632 The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write)
CVE-2016-8331 An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead t
CVE-2016-3658 The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause
CVE-2016-3945 Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is
CVE-2016-3990 Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a de
CVE-2016-3991 Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of s
CVE-2016-5322 extractContigSamplesBytes: out-of-bounds read
CVE-2016-5314 PixarLogDecode() out-of-bound writes
CVE-2016-5315 tif_dir.c: setByteArray() Read access violation
CVE-2016-5316 Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by
CVE-2016-5317 Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus,
CVE-2016-5320 rgb2ycbcr: command execution
CVE-2016-5875 tiff: heap-based buffer overflow when using the PixarLog compression format
CVE-2016-5321 The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff im
CVE-2016-5323 The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application cra
CVE-2016-5652 An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a hea
CVE-2016-6223 The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (cras
CVE-2016-9273 tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstri
CVE-2016-9297 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C1
CVE-2016-9448 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting
CVE-2016-9453 The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly
CVE-2016-9532 Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of servi
CVE-2016-9533 tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDi
CVE-2016-9534 tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported
CVE-2016-9536 tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 350
CVE-2016-9537 tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
CVE-2016-9535 tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mo
CVE-2016-9538 tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35
CVE-2016-9539 tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
CVE-2016-9540 tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStr
CVE-2017-5225 LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample valu


