Publishing details
Changelog
tiff (4.0.8-5ubuntu0.1) artful-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow in t2p_write_pdf
- debian/patches/CVE-2017-9935-1.patch: fix transfer function handling
in libtiff/tif_dir.c, tools/tiff2pdf.c.
- debian/patches/CVE-2017-9935-2.patch: fix incorrect type for transfer
table in tools/tiff2pdf.c.
- CVE-2017-9935
* SECURITY UPDATE: DoS in TIFFOpen
- debian/patches/CVE-2017-11613-1.patch: avoid memory exhaustion in
libtiff/tif_dirread.c.
- debian/patches/CVE-2017-11613-2.patch: rework fix in
libtiff/tif_dirread.c.
- CVE-2017-11613
* SECURITY UPDATE: DoS in TIFFReadDirEntryArray
- debian/patches/CVE-2017-12944.patch: add protection against excessive
memory allocation attempts in libtiff/tif_dirread.c.
- CVE-2017-12944
* SECURITY UPDATE: TIFFSetupStrips heap overflow in pal2rgb
- debian/patches/CVE-2017-17095.patch: add workaround to
tools/pal2rgb.c.
- CVE-2017-17095
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2017-18013.patch: fix null pointer dereference in
libtiff/tif_print.c.
- CVE-2017-18013
* SECURITY UPDATE: DoS via resource consumption
- debian/patches/CVE-2018-5784.patch: fix infinite loop in
contrib/addtiffo/tif_overview.c, tools/tiff2pdf.c, tools/tiffcrop.c.
- CVE-2018-5784
-- Marc Deslauriers <email address hidden> Thu, 22 Mar 2018 09:52:02 -0400
Builds
Package files