|
|
Subscribe / Log in / New account

Debian alert DLA-1093-1 (tiff)



From:
    	      Roberto C. Sánchez <roberto@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 1093-1] tiff security update 


Date:
    	      Sat, 9 Sep 2017 22:12:22 -0400


Message-ID:
    	      <20170910021222.GA5221@connexer.com>


Package        : tiff
Version        : 4.0.2-6+deb7u16
CVE ID         : CVE-2017-11335 CVE-2017-12944 CVE-2017-13726 CVE-2017-13727
Debian Bug     : 868513 872607 873880 873879


Several vulnerabilities have been discovered in the Tag Image File
Format (TIFF) library and its associated tools.

CVE-2017-11335

    A heap based buffer overflow via a PlanarConfig=Contig image, which
    causes an out-of-bounds write (related to the ZIPDecode function). A
    crafted input may lead to a remote denial of service attack or an
    arbitrary code execution attack.

CVE-2017-12944

    A mishandling of memory allocation for short files allows attackers
    to cause a denial of service (allocation failure and application
    crash) during a tiff2pdf invocation.

CVE-2017-13726

    A reachable assertion abort allows a crafted input to lead to a
    remote denial of service attack.

CVE-2017-13727

    A reachable assertion abort allows a crafted input to lead to a
    remote denial of service attack.

For Debian 7 "Wheezy", these problems have been fixed in version
4.0.2-6+deb7u16.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds