UbuntuUpdates.org

Package "libtiff-dev"

Name: libtiff-dev

Description:

Tag Image File Format library (TIFF), development files

Latest version: 4.1.0+git191117-2ubuntu0.20.04.2
Release: focal (20.04)
Level: security
Repository: main
Head package: tiff
Homepage: https://libtiff.gitlab.io/libtiff/

Links


Download "libtiff-dev"


Other versions of "libtiff-dev" in Focal

Repository Area Version
base main 4.1.0+git191117-2build1
updates main 4.1.0+git191117-2ubuntu0.20.04.2

Changelog

Version: 4.1.0+git191117-2ubuntu0.20.04.2 2021-09-21 13:06:19 UTC

  tiff (4.1.0+git191117-2ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via TIFFTAG_PREDICTOR
    - debian/patches/CVE-2020-19143.patch: TIFFTAG_PREDICTOR is not
      supported for WebP in libtiff/tif_dirinfo.c, tools/tiffcp.c.
    - CVE-2020-19143

 -- Marc Deslauriers <email address hidden> Fri, 17 Sep 2021 09:14:04 -0400

Source diff to previous version
CVE-2020-19143 Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'

Version: 4.1.0+git191117-2ubuntu0.20.04.1 2021-02-25 18:07:20 UTC

  tiff (4.1.0+git191117-2ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in tif_getimage.c
    - debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
      libtiff/tif_getimage.c.
    - CVE-2020-35523
  * SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
    - debian/patches/CVE-2020-35524.patch: properly calculate datasize when
      saving to JPEG YCbCr in tools/tiff2pdf.c.
    - CVE-2020-35524

 -- Marc Deslauriers <email address hidden> Thu, 25 Feb 2021 07:36:40 -0500

CVE-2020-35523 Integer overflow in tif_getimage.c
CVE-2020-35524 Heap-based buffer overflow in TIFF2PDF tool



About   -   Send Feedback to @ubuntu_updates