UbuntuUpdates.org

Package "libtiffxx5"

Name: libtiffxx5

Description:

Tag Image File Format (TIFF) library -- C++ interface
Latest version: 4.1.0+git191117-2ubuntu0.20.04.14
Release: focal (20.04)
Level: security
Repository: main
Head package: tiff
Homepage: https://libtiff.gitlab.io/libtiff/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libtiffxx5"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libtiffxx5" in Focal

Repository Area Version
base main 4.1.0+git191117-2build1
updates main 4.1.0+git191117-2ubuntu0.20.04.14

Changelog

Version: 4.1.0+git191117-2ubuntu0.20.04.14 2024-09-09 13:07:03 UTC

  tiff (4.1.0+git191117-2ubuntu0.20.04.14) focal-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2024-7006.patch: adds check for the return value
      of _TIFFCreateAnonField() to handle potential NULL pointers in
      libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
    - CVE-2024-7006

 -- Ian Constantin <email address hidden> Thu, 05 Sep 2024 16:59:45 +0300
Source diff to previous version
CVE-2024-7006 A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures thro

Version: 4.1.0+git191117-2ubuntu0.20.04.13 2024-06-11 07:07:04 UTC

  tiff (4.1.0+git191117-2ubuntu0.20.04.13) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in tiffcrop.c
    - debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
    - CVE-2023-3164

 -- Bruce Cable <email address hidden> Mon, 27 May 2024 13:22:12 +1000
Source diff to previous version
CVE-2023-3164 A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw all

Version: 4.1.0+git191117-2ubuntu0.20.04.12 2024-02-19 19:07:13 UTC

  tiff (4.1.0+git191117-2ubuntu0.20.04.12) focal-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow
    - debian/patches/CVE-2023-6228.patch: add check for codec configuration
      in tools/tiffcp.c.
    - CVE-2023-6228
  * SECURITY UPDATE: memory exhaustion
    - debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
      memory being greater than filesize in libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-2.patch: add an extra check for above
      condition, to only do it for a defined large request in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
      it for a defined large request in more methods in libtiff/tif_dirread.c.
    - CVE-2023-6277
  * SECURITY UPDATE: segmentation fault
    - debian/patches/CVE-2023-52356.patch: add row and column check based
      on image sizes in libtiff/tif_getimage.c.
    - CVE-2023-52356

 -- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 09 Feb 2024 16:43:26 -0300
Source diff to previous version
CVE-2023-6228 An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer ove
CVE-2023-6277 An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service vi
CVE-2023-52356 A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw a

Version: 4.1.0+git191117-2ubuntu0.20.04.11 2023-11-23 22:06:58 UTC

  tiff (4.1.0+git191117-2ubuntu0.20.04.11) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2022-40090.patch: Improved IFD-Loop Handling.
    - CVE-2022-40090
  * SECURITY UPDATE: memory leak
    - debian/patches/CVE-2023-3576.patch: Fix memory leak in tiffcrop.c.
    - CVE-2023-3576

 -- Fabian Toepfer <email address hidden> Thu, 23 Nov 2023 14:41:23 +0100
Source diff to previous version
CVE-2022-40090 An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.
CVE-2023-3576 A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pa

Version: 4.1.0+git191117-2ubuntu0.20.04.10 2023-10-11 05:06:54 UTC

  tiff (4.1.0+git191117-2ubuntu0.20.04.10) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
      function extractImageSection
    - CVE-2023-1916

 -- Nishit Majithia <email address hidden> Tue, 10 Oct 2023 15:58:04 +0530
CVE-2023-1916 A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the ex


About   -   Send Feedback to @ubuntu_updates