Package "tiff"
Name: |
tiff
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- TIFF manipulation and conversion tools
|
Latest version: |
3.9.5-2ubuntu1.12 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
universe |
Links
Other versions of "tiff" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
tiff (3.9.5-2ubuntu1.12) precise-security; urgency=medium
* SECURITY UPDATE: heap over-read in TIFFWriteScanline
- debian/patches/CVE-2018-10779.patch: fix overflow in
libtiff/tif_write.c.
- CVE-2018-10779
* SECURITY UPDATE: heap over-read in cpSeparateBufToContigBuf
- debian/patches/CVE-2018-12900-1.patch: check for overflow in
tools/tiffcp.c.
- debian/patches/CVE-2018-12900-2.patch: use INT_MAX in tools/tiffcp.c.
- CVE-2018-12900
- CVE-2019-7663
* SECURITY UPDATE: memory leak in TIFFFdOpen
- debian/patches/CVE-2019-6128.patch: properly handle errors in
tools/pal2rgb.c.
- CVE-2019-6128
* SECURITY UPDATE: multiple overflows
- debian/patches/CVE-2018-1710x-*.patch: Avoid overflows in
tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c.
- CVE-2018-17100
- CVE-2018-17101
* SECURITY UPDATE: JBIGDecode out-of-bounds write
- debian/patches/CVE-2018-18557.patch: fix issue in libtiff/tif_jbig.c.
- CVE-2018-18557
-- <email address hidden> (Leonidas S. Barbosa) Thu, 14 Mar 2019 09:56:07 -0300
|
Source diff to previous version |
CVE-2018-10779 |
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. |
CVE-2018-12900 |
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service |
CVE-2019-7663 |
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpS |
CVE-2019-6128 |
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. |
CVE-2018-1710 |
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that |
CVE-2018-17100 |
An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) o |
CVE-2018-17101 |
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a deni |
CVE-2018-18557 |
LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out- |
|
tiff (3.9.5-2ubuntu1.9) precise-security; urgency=medium
* SECURITY UPDATE: out-of-bounds reads in TIFFRGBAImage
- debian/patches/CVE-2015-8665-8683.patch: fix out-of-bounds reads in
libtiff/tif_getimage.c.
- CVE-2015-8665
- CVE-2015-8683
* SECURITY UPDATE: out-of-bounds writes in decode function
- debian/patches/CVE-2015-8781-8782-8783.patch: fix out-of-bounds
writes and an out-of-bounds read in libtiff/tif_luv.c.
- CVE-2015-8781
- CVE-2015-8782
- CVE-2015-8783
* SECURITY UPDATE: out-of-bounds write in NeXTDecode()
- debian/patches/CVE-2015-8784.patch: fix out-of-bounds write in
libtiff/tif_next.c.
- CVE-2015-8784
-- Marc Deslauriers <email address hidden> Wed, 23 Mar 2016 10:39:37 -0400
|
Source diff to previous version |
CVE-2015-8665 |
Out-of-bounds Read |
CVE-2015-8683 |
out-of-bounds read in CIE Lab image format |
CVE-2015-8781 |
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compres |
CVE-2015-8782 |
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CV |
CVE-2015-8783 |
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. |
CVE-2015-8784 |
potential out-of-bound write in NeXTDecode() |
|
tiff (3.9.5-2ubuntu1.8) precise-security; urgency=medium
* SECURITY REGRESSION: regression when saving TIFF files with compression
predictor (LP: #1439186)
- debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
fix is available.
-- Marc Deslauriers <email address hidden> Wed, 01 Apr 2015 14:08:49 -0400
|
Source diff to previous version |
|
tiff (3.9.5-2ubuntu1.7) precise-security; urgency=medium
* SECURITY UPDATE: Fix multiple security issues
- debian/patches/CVE-2014-81xx-1.patch to CVE-2014-81xx-11.patch
- debian/patches/CVE-2014-8128-5.patch
- debian/patches/CVE-2014-9655-1.patch to CVE-2014-9655-3.patch
- debian/patches/read_overrun.patch
- debian/patches/CVE-2014-8130.patch
- CVE-2014-8127 (partially)
- CVE-2014-8128
- CVE-2014-8129
- CVE-2014-8130
- CVE-2014-9330
- CVE-2014-9655
-- Marc Deslauriers <email address hidden> Mon, 30 Mar 2015 08:11:18 -0400
|
Source diff to previous version |
|
tiff (3.9.5-2ubuntu1.6) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
- debian/patches/CVE-2013-4231.patch: validate datasize in
tools/gif2tiff.c.
- CVE-2013-4231
* SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
- debian/patches/CVE-2013-4232.patch: properly exit on error in
tools/tiff2pdf.c.
- CVE-2013-4232
* SECURITY UPDATE: denial of service and possible code execution in
gif2tiff tool
- debian/patches/CVE-2013-4243.patch: check width and height in
tools/gif2tiff.c.
- CVE-2013-4243
* SECURITY UPDATE: denial of service and possible code execution in
gif2tiff tool LZW decompressor
- debian/patches/CVE-2013-4244.patch: validate code size in
tools/gif2tiff.c.
- CVE-2013-4244
-- Marc Deslauriers <email address hidden> Mon, 05 May 2014 15:38:14 -0400
|
CVE-2013-4231 |
Multiple buffer overflows in libtiff before 4.0.3 allow remote ... |
CVE-2013-4232 |
Use-after-free vulnerability in the t2p_readwrite_pdf_image function ... |
CVE-2013-4243 |
Heap-based buffer overflow in the readgifimage function in the ... |
CVE-2013-4244 |
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier ... |
|
About
-
Send Feedback to @ubuntu_updates