UbuntuUpdates.org

Package "tiff"

Name: tiff

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • TIFF manipulation and conversion tools
  • TIFF manipulation and conversion tools
Latest version: 4.3.0-1ubuntu0.1
Release: impish (21.10)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "tiff" in Impish

Repository Area Version
base main 4.3.0-1
base universe 4.3.0-1
security main 4.3.0-1ubuntu0.1
updates main 4.3.0-1ubuntu0.1
updates universe 4.3.0-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.3.0-1ubuntu0.1 2022-05-16 08:06:21 UTC

  tiff (4.3.0-1ubuntu0.1) impish-security; urgency=medium

  * SECURITY UPDATE: null pointer in TIFFReadDirectory
    - debian/patches/CVE-2022-0561.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0561
  * SECURITY UPDATE: null pointer in TIFFFetchStripThing
    - debian/patches/CVE-2022-0562.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0562
  * SECURITY UPDATE: denial of service through assertion failure.
    - debian/patches/CVE-2022-0865.patch: reset flags to initial state
      when file has multiple IFD and when bit reversal is needed in
      libtiff/tif_jbig.c.
    - CVE-2022-0865
  * SECURITY UPDATE: heap buffer overflow in ExtractImageSection
    - debian/patches/CVE-2022-0891.patch: correct wrong formula for
      image row size calculation in tools/tiffcrop.c.
    - CVE-2022-0891

 -- David Fernandez Gonzalez <email address hidden> Wed, 11 May 2022 17:07:59 +0200
CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0
CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 coul
CVE-2022-0865 Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff
CVE-2022-0891 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bou


About   -   Send Feedback to @ubuntu_updates