UbuntuUpdates.org

Package "libtiff6"

Name: libtiff6

Description:

Tag Image File Format (TIFF) library
Latest version: 4.5.1+git230720-4ubuntu2.3
Release: noble (24.04)
Level: updates
Repository: main
Head package: tiff
Homepage: https://libtiff.gitlab.io/libtiff/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libtiff6"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libtiff6" in Noble

Repository Area Version
base main 4.5.1+git230720-4ubuntu2
security main 4.5.1+git230720-4ubuntu2.3

Changelog

Version: 4.5.1+git230720-4ubuntu2.3 2025-08-20 20:56:28 UTC

  tiff (4.5.1+git230720-4ubuntu2.3) noble-security; urgency=medium

  * SECURITY UPDATE: null-pointer dereference
    - d/p/CVE-2025-8534.patch: tiff2ps: check return of TIFFGetFiled() to
      fix
    - CVE-2025-8534
  * SECURITY UPDATE: use-after-free issue
    - d/p/CVE-2025-8176.patch: fix heap use-after-free in tiffmedian
    - CVE-2025-8176
  * SECURITY UPDATE: stack-based buffer overflow
    - d/p/CVE-2025-8851.patch: address tiffcrop buffer overflow issues
    - CVE-2025-8851

 -- Nishit Majithia <email address hidden> Wed, 20 Aug 2025 15:54:11 +0530
Source diff to previous version
CVE-2025-8534 A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c
CVE-2025-8176 A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file
CVE-2025-8851 A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.

Version: 4.5.1+git230720-4ubuntu2.2 2024-09-09 14:07:07 UTC

  tiff (4.5.1+git230720-4ubuntu2.2) noble-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2024-7006.patch: adds check for the return value
      of _TIFFCreateAnonField() to handle potential NULL pointers in
      libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
    - CVE-2024-7006

 -- Ian Constantin <email address hidden> Thu, 05 Sep 2024 16:59:36 +0300
Source diff to previous version
CVE-2024-7006 A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures thro

Version: 4.5.1+git230720-4ubuntu2.1 2024-06-11 08:10:34 UTC

  tiff (4.5.1+git230720-4ubuntu2.1) noble-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in tiffcrop.c
    - debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
    - CVE-2023-3164

 -- Bruce Cable <email address hidden> Wed, 29 May 2024 15:09:58 +1000
CVE-2023-3164 A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw all


About   -   Send Feedback to @ubuntu_updates