Package "tiff"

Name: tiff


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • TIFF manipulation and conversion tools
  • TIFF manipulation and conversion tools

Latest version: 4.5.1+git230720-1ubuntu1.2
Release: mantic (23.10)
Level: security
Repository: universe


Other versions of "tiff" in Mantic

Repository Area Version
base main 4.5.1+git230720-1ubuntu1
base universe 4.5.1+git230720-1ubuntu1
security main 4.5.1+git230720-1ubuntu1.2
updates main 4.5.1+git230720-1ubuntu1.2
updates universe 4.5.1+git230720-1ubuntu1.2

Packages in group

Deleted packages are displayed in grey.


Version: 4.5.1+git230720-1ubuntu1.2 2024-06-11 07:07:10 UTC

  tiff (4.5.1+git230720-1ubuntu1.2) mantic-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in tiffcrop.c
    - debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
    - CVE-2023-3164

 -- Bruce Cable <email address hidden> Wed, 29 May 2024 15:09:26 +1000

Source diff to previous version
CVE-2023-3164 A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw all

Version: 4.5.1+git230720-1ubuntu1.1 2024-02-19 19:07:30 UTC

  tiff (4.5.1+git230720-1ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow
    - debian/patches/CVE-2023-6228.patch: add check for codec configuration
      in tools/tiffcp.c.
    - CVE-2023-6228
  * SECURITY UPDATE: memory exhaustion
    - debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
      memory being greater than filesize in libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-2.patch: add an extra check for above
      condition, to only do it for a defined large request in
    - debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
    - debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
      it for a defined large request in more methods in libtiff/tif_dirread.c.
    - CVE-2023-6277
  * SECURITY UPDATE: segmentation fault
    - debian/patches/CVE-2023-52356.patch: add row and column check based
      on image sizes in libtiff/tif_getimage.c.
    - CVE-2023-52356

 -- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 09 Feb 2024 18:47:50 -0300

CVE-2023-6228 An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer ove
CVE-2023-6277 An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service vi
CVE-2023-52356 A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw a

About   -   Send Feedback to @ubuntu_updates