UbuntuUpdates.org

Package "libtiff-tools"

Name: libtiff-tools

Description: TIFF manipulation and conversion tools

Latest version: 3.9.5-2ubuntu1.12
Release: precise (12.04)
Level: security
Repository: main
Head package: tiff
Homepage: http://libtiff.maptools.org


Other versions of "libtiff-tools" in Precise

Repository  Area  Version
base        main  3.9.5-2ubuntu1
updates     main  3.9.5-2ubuntu1.12

Changelog

Version: 3.9.5-2ubuntu1.12 2021-05-03 15:06:19 UTC

  tiff (3.9.5-2ubuntu1.12) precise-security; urgency=medium

  * SECURITY UPDATE: heap over-read in TIFFWriteScanline
    - debian/patches/CVE-2018-10779.patch: fix overflow in
      libtiff/tif_write.c.
    - CVE-2018-10779
  * SECURITY UPDATE: heap over-read in cpSeparateBufToContigBuf
    - debian/patches/CVE-2018-12900-1.patch: check for overflow in
      tools/tiffcp.c.
    - debian/patches/CVE-2018-12900-2.patch: use INT_MAX in tools/tiffcp.c.
    - CVE-2018-12900
    - CVE-2019-7663
  * SECURITY UPDATE: memory leak in TIFFFdOpen
    - debian/patches/CVE-2019-6128.patch: properly handle errors in
      tools/pal2rgb.c.
    - CVE-2019-6128
  * SECURITY UPDATE: multiple overflows
    - debian/patches/CVE-2018-1710x-*.patch: Avoid overflows in
      tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c.
    - CVE-2018-17100
    - CVE-2018-17101
  * SECURITY UPDATE: JBIGDecode out-of-bounds write
    - debian/patches/CVE-2018-18557.patch: fix issue in libtiff/tif_jbig.c.
    - CVE-2018-18557

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 14 Mar 2019 09:56:07 -0300

Source diff to previous version
CVE-2018-10779 TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
CVE-2018-12900 Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service
CVE-2019-7663 An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpS
CVE-2019-6128 The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVE-2018-1710 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that
CVE-2018-17100 An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) o
CVE-2018-17101 An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a deni
CVE-2018-18557 LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-

Version: 3.9.5-2ubuntu1.9 2016-03-23 20:06:47 UTC

  tiff (3.9.5-2ubuntu1.9) precise-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds reads in TIFFRGBAImage
    - debian/patches/CVE-2015-8665-8683.patch: fix out-of-bounds reads in
      libtiff/tif_getimage.c.
    - CVE-2015-8665
    - CVE-2015-8683
  * SECURITY UPDATE: out-of-bounds writes in decode function
    - debian/patches/CVE-2015-8781-8782-8783.patch: fix out-of-bounds
      writes and an out-of-bounds read in libtiff/tif_luv.c.
    - CVE-2015-8781
    - CVE-2015-8782
    - CVE-2015-8783
  * SECURITY UPDATE: out-of-bounds write in NeXTDecode()
    - debian/patches/CVE-2015-8784.patch: fix out-of-bounds write in
      libtiff/tif_next.c.
    - CVE-2015-8784

 -- Marc Deslauriers <email address hidden> Wed, 23 Mar 2016 10:39:37 -0400

Source diff to previous version
CVE-2015-8665 Out-of-bounds Read
CVE-2015-8683 out-of-bounds read in CIE Lab image format
CVE-2015-8781 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compres
CVE-2015-8782 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CV
CVE-2015-8783 tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
CVE-2015-8784 potential out-of-bound write in NeXTDecode()

Version: 3.9.5-2ubuntu1.8 2015-04-01 21:06:44 UTC

  tiff (3.9.5-2ubuntu1.8) precise-security; urgency=medium

  * SECURITY REGRESSION: regression when saving TIFF files with compression
    predictor (LP: #1439186)
    - debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
      fix is available.
 -- Marc Deslauriers <email address hidden> Wed, 01 Apr 2015 14:08:49 -0400

Source diff to previous version
1439186 [REGRESSION] Predictor tag fails to be written correctly
CVE-2014-8128 out-of-bounds write

Version: 3.9.5-2ubuntu1.7 2015-03-31 18:06:35 UTC

  tiff (3.9.5-2ubuntu1.7) precise-security; urgency=medium

  * SECURITY UPDATE: Fix multiple security issues
    - debian/patches/CVE-2014-81xx-1.patch to CVE-2014-81xx-11.patch
    - debian/patches/CVE-2014-8128-5.patch
    - debian/patches/CVE-2014-9655-1.patch to CVE-2014-9655-3.patch
    - debian/patches/read_overrun.patch
    - debian/patches/CVE-2014-8130.patch
    - CVE-2014-8127 (partially)
    - CVE-2014-8128
    - CVE-2014-8129
    - CVE-2014-8130
    - CVE-2014-9330
    - CVE-2014-9655
 -- Marc Deslauriers <email address hidden> Mon, 30 Mar 2015 08:11:18 -0400

Source diff to previous version
CVE-2014-8128 out-of-bounds write
CVE-2014-9655 access of uninitialized memory
CVE-2014-8130 divide by zero
CVE-2014-8127 out-of-bound reads
CVE-2014-8129 out-of-bound read and write
CVE-2014-9330 Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, re

Version: 3.9.5-2ubuntu1.6 2014-05-06 14:07:13 UTC

  tiff (3.9.5-2ubuntu1.6) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
    - debian/patches/CVE-2013-4231.patch: validate datasize in
      tools/gif2tiff.c.
    - CVE-2013-4231
  * SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
    - debian/patches/CVE-2013-4232.patch: properly exit on error in
      tools/tiff2pdf.c.
    - CVE-2013-4232
  * SECURITY UPDATE: denial of service and possible code execution in
    gif2tiff tool
    - debian/patches/CVE-2013-4243.patch: check width and height in
      tools/gif2tiff.c.
    - CVE-2013-4243
  * SECURITY UPDATE: denial of service and possible code execution in
    gif2tiff tool LZW decompressor
    - debian/patches/CVE-2013-4244.patch: validate code size in
      tools/gif2tiff.c.
    - CVE-2013-4244
 -- Marc Deslauriers <email address hidden> Mon, 05 May 2014 15:38:14 -0400

CVE-2013-4231 Multiple buffer overflows in libtiff before 4.0.3 allow remote ...
CVE-2013-4232 Use-after-free vulnerability in the t2p_readwrite_pdf_image function ...
CVE-2013-4243 Heap-based buffer overflow in the readgifimage function in the ...
CVE-2013-4244 The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier ...


