Package "libtiff-tools"
| Name: |
libtiff-tools
|
Description: |
TIFF manipulation and conversion tools
|
| Latest version: |
4.5.1+git230720-1ubuntu1.1 |
| Release: |
mantic (23.10) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
tiff |
| Homepage: |
https://libtiff.gitlab.io/libtiff/ |
Links
Download "libtiff-tools"
Other versions of "libtiff-tools" in Mantic
Changelog
|
tiff (4.5.1+git230720-1ubuntu1.1) mantic-security; urgency=medium
* SECURITY UPDATE: heap based buffer overflow
- debian/patches/CVE-2023-6228.patch: add check for codec configuration
in tools/tiffcp.c.
- CVE-2023-6228
* SECURITY UPDATE: memory exhaustion
- debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
memory being greater than filesize in libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-2.patch: add an extra check for above
condition, to only do it for a defined large request in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
it for a defined large request in more methods in libtiff/tif_dirread.c.
- CVE-2023-6277
* SECURITY UPDATE: segmentation fault
- debian/patches/CVE-2023-52356.patch: add row and column check based
on image sizes in libtiff/tif_getimage.c.
- CVE-2023-52356
-- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 09 Feb 2024 18:47:50 -0300
|
| CVE-2023-6228 |
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer ove |
| CVE-2023-6277 |
An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service vi |
| CVE-2023-52356 |
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw a |
|
About
-
Send Feedback to @ubuntu_updates
