Errata ID | 378 |
---|---|
Date | 2018-12-12 |
Source package | tiff |
Fixed in version | 4.0.8-2+deb9u4 |
Description | This update addresses the following issues:<br>* Memory leak via corrupt td_imagelength in TIFFOpen function (CVE-2017-11613)<br>* Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (CVE-2017-17095)<br>* Uncontrolled resource consumption in TIFFSetDirectory function in tif_dir.c (CVE-2018-5784)<br>* NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (CVE-2018-7456)<br>* Heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service (CVE-2018-8905)<br>* Reachable assertion in TIFFWriteDirectorySec function in tif_dirwrite.c (CVE-2018-10963)<br>* Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c (CVE-2018-15209)<br>* Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c (CVE-2018-16335)<br>* Two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c (CVE-2018-17101)<br>* Out-of-bounds write in tif_jbig.c (CVE-2018-18557) |
Additional notes | |
CVE ID | CVE-2017-11613, CVE-2017-17095, CVE-2018-5784, CVE-2018-7456, CVE-2018-8905, CVE-2018-10963, CVE-2018-15209, CVE-2018-16335, CVE-2018-17101, CVE-2018-18557 |
UCS Bug number | #48293 |