Package "libtiff5"
| Name: |
libtiff5
|
Description: |
Tag Image File Format (TIFF) library
|
| Latest version: |
4.3.0-6ubuntu0.10 |
| Release: |
jammy (22.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
tiff |
| Homepage: |
https://libtiff.gitlab.io/libtiff/ |
Links
Download "libtiff5"
Other versions of "libtiff5" in Jammy
Changelog
|
tiff (4.3.0-6ubuntu0.5) jammy-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-48281.patch: correct simple copy paste error in
tiffcrop.c.
- CVE-2022-48281
* SECURITY UPDATE: NULL pointer dereference
- d/p/0001-countInkNamesString-fix-UndefinedBehaviorSanitizer-a.patch: Fix
undefined behavior in tif_dir.c.
- CVE-2023-2908
* SECURITY UPDATE: NULL pointer dereference
- d/p/0002-TIFFClose-avoid-NULL-pointer-dereferencing.-fix-515.patch: avoid
NULL pointer dereferencing in tif_close.c.
- CVE-2023-3316
* SECURITY UPDATE: buffer overflow
- d/p/0003-Consider-error-return-of-writeSelections.patch: Consider error
return of writeSelections() in tiffcrop.c.
- CVE-2023-3618
* SECURITY UPDATE: heap-based buffer overflow
- d/p/0004-tiffcrop-correctly-update-buffersize-after-rotateIma.patch:
correctly update buffersize after rotateImage() and enlarge buffsize and
check integer overflow within rotateImage() in tiffcrop.c.
- CVE-2023-25433
* SECURITY UPDATE: Use after free
- d/p/0005-tiffcrop-Do-not-reuse-input-buffer-for-subsequent-im.patch: Do
not reuse input buffer for subsequent images in tiffcrop.c.
- CVE-2023-26965
* SECURITY UPDATE: buffer overflow
- d/p/0006-tif_luv-Check-and-correct-for-NaN-data-in-uv_encode.patch: Check
and correct for NaN data in uv_encode() in tif_luv.c.
- CVE-2023-26966
* SECURITY UPDATE: Integer overflow
- d/p/0007-tiffcp-fix-memory-corruption-overflow-on-hostile-ima.patch: fix
memory corruption (overflow) in tiffcp.c.
- CVE-2023-38288
* SECURITY UPDATE: Integer overflow
- d/p/0008-raw2tiff-fix-integer-overflow-and-bypass-of-the-chec.patch: fix
integer overflow and bypass of the check in raw2tiff.c.
- CVE-2023-38289
-- Fabian Toepfer <email address hidden> Mon, 07 Aug 2023 17:56:53 +0200
|
| Source diff to previous version |
| CVE-2022-48281 |
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF |
| CVE-2023-2908 |
A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tif |
| CVE-2023-3618 |
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in li |
| CVE-2023-25433 |
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop |
| CVE-2023-26965 |
loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. |
| CVE-2023-26966 |
libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be b |
| CVE-2023-38288 |
libtiff: integer overflow in tiffcp.c |
| CVE-2023-38289 |
libtiff: potential integer overflow in raw2tiff.c |
|
|
tiff (4.3.0-6ubuntu0.4) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bounds reads
- debian/patches/CVE-2023-0795.patch: Amend rotateImage() not to toggle the
input image width and length parameters when only cropped image sections
are rotated in tiffcrop.c.
- CVE-2023-0795
- CVE-2023-0796
- CVE-2023-0797
- CVE-2023-0798
- CVE-2023-0799
* SECURITY UPDATE: out-of-bounds writes
- debian/patches/CVE-2023-0800.patch: added check for assumption on
composite images in tiffcrop.c.
- CVE-2023-0800
- CVE-2023-0801
- CVE-2023-0802
- CVE-2023-0803
- CVE-2023-0804
-- Fabian Toepfer <email address hidden> Fri, 03 Mar 2023 17:17:55 +0100
|
| Source diff to previous version |
| CVE-2023-0795 |
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file |
| CVE-2023-0796 |
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file |
| CVE-2023-0797 |
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing a |
| CVE-2023-0798 |
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file |
| CVE-2023-0799 |
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file |
| CVE-2023-0800 |
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff fil |
| CVE-2023-0801 |
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing |
| CVE-2023-0802 |
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff fil |
| CVE-2023-0803 |
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff fil |
| CVE-2023-0804 |
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff fil |
|
|
tiff (4.3.0-6ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: unsigned integer overflow
- debian/patches/CVE-2022-3970.patch: adds size_t type casts in the
TIFFReadRGBATile function in libtiff/tif_getimage.c.
- CVE-2022-3970
-- David Fernandez Gonzalez <email address hidden> Thu, 01 Dec 2022 10:12:53 +0100
|
| Source diff to previous version |
| CVE-2022-3970 |
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getim |
|
|
tiff (4.3.0-6ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bound read/write in tiffcrop
- debian/patches/CVE-2022-2867_2868_2869.patch: Fix heap-buffer-overflow by
correcting uint32_t underflow
- CVE-2022-2867
- CVE-2022-2868
- CVE-2022-2869
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
subroutines in tools/tiffcrop.c.
- CVE-2022-3570
- CVE-2022-3598
* SECURITY UPDATE: out-of-bound write in tiffcrop
- debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
and related TIFFTAG_NUMBEROFINKS value
- CVE-2022-3599
* SECURITY UPDATE: stack overflow in _TIFFVGetField
- debian/patches/CVE-2022-34526.patch: Add _TIFFCheckFieldIsValidForCodec()
return FALSE when passed a codec-specific tag and the codec is not
configured
- CVE-2022-34526
-- Nishit Majithia <email address hidden> Wed, 02 Nov 2022 13:55:08 +0530
|
| Source diff to previous version |
| CVE-2022-2867 |
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcro |
| CVE-2022-2868 |
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is ab |
| CVE-2022-2869 |
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker wh |
| CVE-2022-3570 |
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory acces |
| CVE-2022-3598 |
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-servi |
| CVE-2022-3599 |
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted |
| CVE-2022-34526 |
A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service |
|
|
tiff (4.3.0-6ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: buffer overflow issue in tiffinfo tool
- debian/patches/CVE-2022-1354.patch: TIFFReadDirectory: fix OJPEG hack
- CVE-2022-1354
* SECURITY UPDATE: buffer overflow issue in tiffcp tool
- debian/patches/CVE-2022-1355.patch: tiffcp: avoid buffer overflow in
"mode" string.
- CVE-2022-1355
* SECURITY UPDATE: Divide By Zero error in tiffcrop
- debian/patches/CVE-2022-2056_2057_2058.patch: fix the FPE in tiffcrop
- CVE-2022-2056
- CVE-2022-2057
- CVE-2022-2058
-- Nishit Majithia <email address hidden> Fri, 19 Sep 2022 19:24:29 +0530
|
| CVE-2022-1354 |
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TI |
| CVE-2022-1355 |
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiff |
| CVE-2022-2056 |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libti |
| CVE-2022-2057 |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libti |
| CVE-2022-2058 |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libti |
|
About
-
Send Feedback to @ubuntu_updates
