Univention Bugzilla – Bug 42897
tiff3: Multiple issues (4.1)
Last modified: 2017-04-19 13:29:03 CEST
Upstream Debian package version 3.9.6-11+deb7u2 fixes the following issues:
* Applications using libtiff can trigger buffer overflows through TIFFGetField() when processing TIFF images with unknown tags (CVE-2015-7554, CVE-2016-5318)
3.9.6-11+deb7u3 fixes an issue in +deb7u1 that resulted in libtiff writing out invalid tiff files when the compression scheme in use relies on codec-specific TIFF tags embedded in the image.
Upstream Debian package version 3.9.6-11+deb7u4 fixes:
* an out-of-bounds write in tif_luv.c (CVE-2015-8781)
* other out-of-bounds writes (CVE-2015-8782)
* other out-of-bounds reads (CVE-2015-8783)
* potential out-of-bounds write in NeXTDecode (CVE-2015-8784)
* tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLoghorizontalDifference heap-buffer-overflow." (CVE-2016-9533)
* tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow." (CVE-2016-9534)
* tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." (CVE-2016-9535)
Upstream version imported and built. Advisory: tiff3.yaml
Tests (amd64): OK
Advisory: OK
<http://errata.software-univention.de/ucs/4.1/410.html>