Package "libtiff5-dev"
Name: |
libtiff5-dev
|
Description: |
Tag Image File Format library (TIFF), development files (transitional package)
|
Latest version: |
4.1.0+git191117-2ubuntu0.20.04.12 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
main |
Head package: |
tiff |
Homepage: |
https://libtiff.gitlab.io/libtiff/ |
Links
Download "libtiff5-dev"
Other versions of "libtiff5-dev" in Focal
Changelog
tiff (4.1.0+git191117-2ubuntu0.20.04.7) focal-security; urgency=medium
* SECURITY UPDATE: unsigned integer overflow
- debian/patches/CVE-2022-3970.patch: adds size_t type casts in the
TIFFReadRGBATile function in libtiff/tif_getimage.c.
- CVE-2022-3970
-- David Fernandez Gonzalez <email address hidden> Thu, 01 Dec 2022 11:00:12 +0100
|
Source diff to previous version |
CVE-2022-3970 |
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getim |
|
tiff (4.1.0+git191117-2ubuntu0.20.04.6) focal-security; urgency=medium
* SECURITY UPDATE: out-of-bound read/write in tiffcrop
- debian/patches/CVE-2022-2867_2868_2869.patch: Fix heap-buffer-overflow by
correcting uint32_t underflow
- CVE-2022-2867
- CVE-2022-2868
- CVE-2022-2869
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
subroutines in tools/tiffcrop.c.
- CVE-2022-3570
- CVE-2022-3598
* SECURITY UPDATE: out-of-bound write in tiffcrop
- debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
and related TIFFTAG_NUMBEROFINKS value
- CVE-2022-3599
* SECURITY UPDATE: stack overflow in _TIFFVGetField
- debian/patches/CVE-2022-34526.patch: Add _TIFFCheckFieldIsValidForCodec()
return FALSE when passed a codec-specific tag and the codec is not
configured
- CVE-2022-34526
-- Nishit Majithia <email address hidden> Tue, 01 Nov 2022 20:55:02 +0530
|
Source diff to previous version |
CVE-2022-2867 |
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcro |
CVE-2022-2868 |
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is ab |
CVE-2022-2869 |
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker wh |
CVE-2022-3570 |
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory acces |
CVE-2022-3598 |
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-servi |
CVE-2022-3599 |
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted |
CVE-2022-34526 |
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service |
|
tiff (4.1.0+git191117-2ubuntu0.20.04.5) focal-security; urgency=medium
* SECURITY UPDATE: buffer overflow issue in tiffinfo tool
- debian/patches/CVE-2022-1354.patch: TIFFReadDirectory: fix OJPEG hack
- CVE-2022-1354
* SECURITY UPDATE: buffer overflow issue in tiffcp tool
- debian/patches/CVE-2022-1355.patch: tiffcp: avoid buffer overflow in
"mode" string.
- CVE-2022-1355
* SECURITY UPDATE: Divide By Zero error in tiffcrop
- debian/patches/CVE-2022-2056_2057_2058.patch: fix the FPE in tiffcrop
- CVE-2022-2056
- CVE-2022-2057
- CVE-2022-2058
-- Nishit Majithia <email address hidden> Fri, 19 Sep 2022 19:19:45 +0530
|
Source diff to previous version |
CVE-2022-1354 |
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TI |
CVE-2022-1355 |
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiff |
CVE-2022-2056 |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libti |
CVE-2022-2057 |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libti |
CVE-2022-2058 |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libti |
|
tiff (4.1.0+git191117-2ubuntu0.20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: NULL Pointer Dereference
- debian/patches/CVE-2022-0907.patch: add checks for return value of
limitMalloc in tools/tiffcrop.c.
- debian/patches/CVE-2022-0908.patch: avoid
calling memcpy() with a null source pointer and size of zero in
libtiff/tif_dirread.c.
- CVE-2022-0907
- CVE-2022-0908
* SECURITY UPPDATE: floating point exception
- debian/patches/CVE-2022-0909.patch: fix the FPE in tiffcrop by
checking if variable is Nan in libtiff/tif_dir.c.
- CVE-2022-0909
* SECURITY UPDATE: heap buffer overflow in cpContigBufToSeparateBuf
- debian/patches/CVE-2022-0924.patch: fix heap buffer overflow in
tools/tiffcp.c.
- CVE-2022-0924
* SECURITY UPDATE: out-of-bounds with custom tag
- debian/patches/CVE-2022-22844.patch: fix global-buffer-overflow
for ASCII tags where count is required in tools/tiffset.c.
- CVE-2022-22844
-- David Fernandez Gonzalez <email address hidden> Wed, 07 Sep 2022 11:01:17 +0200
|
Source diff to previous version |
CVE-2022-0907 |
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file |
CVE-2022-0908 |
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could le |
CVE-2022-0909 |
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libti |
CVE-2022-0924 |
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile lib |
CVE-2022-22844 |
LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of th |
|
tiff (4.1.0+git191117-2ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: malloc failure in TIFF2RGBA tool
- debian/patches/CVE-2020-35522.patch: enforce (configurable) memory
limit in tools/tiff2rgba.c.
- CVE-2020-35522
* SECURITY UPDATE: null pointer in TIFFReadDirectory
- debian/patches/CVE-2022-0561.patch: add sanity check to ensure
pointer provided to memcpy is not null in libtiff/tif_dirread.c.
- CVE-2022-0561
* SECURITY UPDATE: null pointer in TIFFFetchStripThing
- debian/patches/CVE-2022-0562.patch: add sanity check to ensure
pointer provided to memcpy is not null in libtiff/tif_dirread.c.
- CVE-2022-0562
* SECURITY UPDATE: denial of service through assertion failure.
- debian/patches/CVE-2022-0865.patch: reset flags to initial state
when file has multiple IFD and when bit reversal is needed in
libtiff/tif_jbig.c.
- CVE-2022-0865
* SECURITY UPDATE: heap buffer overflow in ExtractImageSection
- debian/patches/CVE-2022-0891.patch: correct wrong formula for
image row size calculation in tools/tiffcrop.c.
- CVE-2022-0891
-- David Fernandez Gonzalez <email address hidden> Thu, 12 May 2022 17:05:25 +0200
|
CVE-2020-35522 |
In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service |
CVE-2022-0561 |
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 |
CVE-2022-0562 |
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 coul |
CVE-2022-0865 |
Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff |
CVE-2022-0891 |
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bou |
|
About
-
Send Feedback to @ubuntu_updates