UbuntuUpdates.org

Package "tiff"

Name: tiff

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • TIFF manipulation and conversion tools
  • TIFF manipulation and conversion tools
Latest version: 4.5.1+git230720-4ubuntu4.2
Release: plucky (25.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "tiff" in Plucky

Repository Area Version
base main 4.5.1+git230720-4ubuntu4
base universe 4.5.1+git230720-4ubuntu4
security main 4.5.1+git230720-4ubuntu4.2
security universe 4.5.1+git230720-4ubuntu4.2
updates main 4.5.1+git230720-4ubuntu4.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.5.1+git230720-4ubuntu4.2 2025-09-29 20:06:55 UTC

  tiff (4.5.1+git230720-4ubuntu4.2) plucky-security; urgency=medium

  * SECURITY UPDATE: Memory corruption.
    - debian/patches/CVE-2025-8961.patch: Add _TIFFfree and extra read_buff
      check in tools/tiffcrop.c.
    - CVE-2025-8961
  * SECURITY UPDATE: Memory leak.
    - debian/patches/CVE-2025-9165.patch: Add TIFFClose in tools/tiffcmp.c.
    - CVE-2025-9165
  * SECURITY UPDATE: Out of bounds write when processing specially crafted
    TIFF files.
    - debian/patches/CVE-2025-9900.patch: Add img->height and img->width
      checks in libtiff/tif_getimage.c.
    - CVE-2025-9900

 -- Hlib Korzhynskyy <email address hidden> Wed, 24 Sep 2025 12:36:47 -0230
Source diff to previous version
CVE-2025-8961 A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulat
CVE-2025-9165 A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tif
CVE-2025-9900 A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF imag

Version: 4.5.1+git230720-4ubuntu4.1 2025-08-20 20:56:33 UTC

  tiff (4.5.1+git230720-4ubuntu4.1) plucky-security; urgency=medium

  * SECURITY UPDATE: null-pointer dereference
    - d/p/CVE-2025-8534.patch: tiff2ps: check return of TIFFGetFiled() to
      fix
    - CVE-2025-8534
  * SECURITY UPDATE: use-after-free issue
    - d/p/CVE-2025-8176.patch: fix heap use-after-free in tiffmedian
    - CVE-2025-8176
  * SECURITY UPDATE: stack-based buffer overflow
    - d/p/CVE-2025-8851.patch: address tiffcrop buffer overflow issues
    - CVE-2025-8851

 -- Nishit Majithia <email address hidden> Wed, 20 Aug 2025 15:49:38 +0530
CVE-2025-8534 A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c
CVE-2025-8176 A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file
CVE-2025-8851 A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.


About   -   Send Feedback to @ubuntu_updates