tiff 4.0.3-7ubuntu0.6 source package in Ubuntu

Changelog

tiff (4.0.3-7ubuntu0.6) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted field data in an extension tag
    - debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.c.
    - CVE-2015-7554
  * SECURITY UPDATE: DoS and possible code execution via large width field
    in a BMP image
    - debian/patches/CVE-2015-8668.patch: properly calculate size in
      tools/bmp2tiff.c.
    - CVE-2015-8668
  * SECURITY UPDATE: heap-buffer-overflow in tiffcrop
    - debian/patches/CVE-2016-10092.patch: properly increment buffer in
      tools/tiffcrop.c.
    - CVE-2016-10092
  * SECURITY UPDATE: heap-based buffer overflow in tiffcp
    - debian/patches/CVE-2016-10093.patch: fix uint32 underflow/overflow
      in tools/tiffcp.c.
    - CVE-2016-10093
  * SECURITY UPDATE: off-by-one error in tiff2pdf
    - debian/patches/CVE-2016-10094.patch: fix count in tools/tiff2pdf.c.
    - CVE-2016-10094
  * SECURITY UPDATE: DoS in tiff2rgba tool
    - debian/patches/CVE-2016-3622.patch: enforce bits-per-sample in
      libtiff/tif_getimage.c, libtiff/tif_predict.c.
    - CVE-2016-3622
  * SECURITY UPDATE: DoS in rgb2ycbcr tool
    - debian/patches/CVE-2016-3623.patch: validate parameters in
      tools/rgb2ycbcr.c.
    - CVE-2016-3623
    - CVE-2016-3624
  * SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
    - debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in
      tools/thumbnail.c.
    - CVE-2016-3632
    - CVE-2016-8331
  * SECURITY UPDATE: DoS via out-of-bounds read
    - debian/patches/CVE-2016-3658.patch: properly handle SamplesPerPixel
      change in libtiff/tif_dir.c, avoid null pointer dereference in
      libtiff/tif_dirwrite.c
    - CVE-2016-3658
  * SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
    - debian/patches/CVE-2016-3945.patch: fix integer overflow in
      tools/tiff2rgba.c.
    - CVE-2016-3945
  * SECURITY UPDATE: DoS and possible code execution via overflow in
    horizontalDifference8 function
    - debian/patches/CVE-2016-3990.patch: add check to
      libtiff/tif_pixarlog.c.
    - CVE-2016-3990
  * SECURITY UPDATE: DoS and possible code execution in tiffcrop
    - debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
    - CVE-2016-3991
    - CVE-2016-5322
  * SECURITY UPDATE: PixarLogDecode() out-of-bound writes
    - debian/patches/CVE-2016-5314.patch: check size in
      libtiff/tif_pixarlog.c.
    - CVE-2016-5314
    - CVE-2016-5315
    - CVE-2016-5316
    - CVE-2016-5317
    - CVE-2016-5320
    - CVE-2016-5875
  * SECURITY UPDATE: DoS in DumpModeDecode function
    - debian/patches/CVE-2016-5321.patch: limit number of samples in
      tools/tiffcrop.c.
    - CVE-2016-5321
  * SECURITY UPDATE: DoS in _TIFFFax3fillruns function
    - debian/patches/CVE-2016-5323.patch: limit number of samples in
      tools/tiffcrop.c.
    - CVE-2016-5323
  * SECURITY UPDATE: DoS and possible code execution in tiff2pdf
    - debian/patches/CVE-2016-5652.patch: properly handle markers in
      tools/tiff2pdf.c.
    - CVE-2016-5652
  * SECURITY UPDATE: DoS and info disclosure via negative index
    - debian/patches/CVE-2016-6223.patch: properly handle stripoffset in
      libtiff/tif_read.c.
    - CVE-2016-6223
  * SECURITY UPDATE: DoS in tiffsplit
    - debian/patches/CVE-2016-9273.patch: don't recompute value in
      libtiff/tif_strip.c.
    - CVE-2016-9273
  * SECURITY UPDATE: DoS via crafted tag values
    - debian/patches/CVE-2016-9297.patch: NULL-terminate values in
      libtiff/tif_dirread.c.
    - CVE-2016-9297
  * SECURITY UPDATE: DoS caused by CVE-2016-9297
    - debian/patches/CVE-2016-9448.patch: check for NULL in
      libtiff/tif_dirread.c.
    - CVE-2016-9448
  * SECURITY UPDATE: DoS and possible code execution via TIFFTAG_JPEGTABLES
    of length one
    - debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
    - CVE-2016-9453
  * SECURITY UPDATE: integer overflow in writeBufferToSeparateStrips
    - debian/patches/CVE-2016-9532.patch: check for overflows in
      tools/tiffcrop.c.
    - CVE-2016-9532
  * SECURITY UPDATE: multiple out-of-bounds write issues
    - debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in
      libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c,
      tools/tiffcrop.c.
    - CVE-2016-9533
    - CVE-2016-9534
    - CVE-2016-9536
    - CVE-2016-9537
  * SECURITY UPDATE: assertion failure via unusual tile size
    - debian/patches/CVE-2016-9535-1.patch: replace assertions with
      runtime checks in libtiff/tif_predict.c, libtiff/tif_predict.h.
    - debian/patches/CVE-2016-9535-2.patch: fix memory leaks in
      libtiff/tif_predict.c.
    - CVE-2016-9535
  * SECURITY UPDATE: integer overflow in tiffcrop
    - debian/patches/CVE-2016-9538.patch: fix undefined variable reads in
      tools/tiffcp.c, tools/tiffcrop.c.
    - CVE-2016-9538
  * SECURITY UPDATE: out-of-bounds read in tiffcrop
    - debian/patches/CVE-2016-9539.patch: check size in tools/tiffcrop.c.
    - CVE-2016-9539
  * SECURITY UPDATE: out-of-bounds write via odd tile width versus image
    width
    - debian/patches/CVE-2016-9540.patch: check bounds in tools/tiffcp.c.
    - CVE-2016-9540
  * SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
    - debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
    - CVE-2017-5225

 -- Marc Deslauriers <email address hidden>  Mon, 27 Feb 2017 10:55:30 -0500

Upload details

Uploaded by: Marc Deslauriers on 2017-02-27
Uploaded to: Trusty
Original maintainer: Ubuntu Developers
Architectures: any all
Section: libs
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
tiff_4.0.3.orig.tar.gz 2.0 MiB ea1aebe282319537fb2d4d7805f478dd4e0e05c33d0928baba76a7c963684872
tiff_4.0.3-7ubuntu0.6.debian.tar.gz 60.3 KiB 3f2800d66bdce0cfb57f2df890083a823af6caeda9cbb277b615d1f23b5d8def
tiff_4.0.3-7ubuntu0.6.dsc 2.2 KiB f5e7cb6ec7dad3b76ee4393da1c645434a670cefc593320fa1697741bb4126ca

Binary packages built by this source

libtiff-doc: TIFF manipulation and conversion documentation

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 contains documentation.

libtiff-opengl: TIFF manipulation and conversion tools

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 contains libtiff tools that depend upon opengl. It complements the
 libtiff-tools package, which contains the libtiff tools that don't
 depend upon opengl.

libtiff-opengl-dbgsym: debug symbols for package libtiff-opengl

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 contains libtiff tools that depend upon opengl. It complements the
 libtiff-tools package, which contains the libtiff tools that don't
 depend upon opengl.

libtiff-tools: TIFF manipulation and conversion tools

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes tools for converting TIFF images to and from other formats
 and tools for doing simple manipulations of TIFF images. See also
 libtiff-opengl.

libtiff-tools-dbgsym: debug symbols for package libtiff-tools

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes tools for converting TIFF images to and from other formats
 and tools for doing simple manipulations of TIFF images. See also
 libtiff-opengl.

libtiff4-dev: Tag Image File Format library (TIFF), transitional package

 This is a transitional package that can be safely removed. Build
 dependencies on libtiff4-dev should be replaced with build
 dependencies on libtiff-dev.

libtiff5: Tag Image File Format (TIFF) library

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes the shared library.

libtiff5-alt-dev: Tag Image File Format library (TIFF), transitional package

 This is a transitional package that can be safely removed. Build
 dependencies on libtiff5-alt-dev should be replaced with build
 dependencies on libtiff-dev.

libtiff5-dbgsym: debug symbols for package libtiff5

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes the shared library.

libtiff5-dev: Tag Image File Format library (TIFF), development files

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes the development files, static library, and header files.

libtiffxx5: Tag Image File Format (TIFF) library -- C++ interface

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes the shared library for the experimental C++ interfaces.

libtiffxx5-dbgsym: debug symbols for package libtiffxx5

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes the shared library for the experimental C++ interfaces.