UbuntuUpdates.org

Package "tiff"

Name: tiff

Description:

This package is an umbrella for a group of other packages and has no description of its own.
Description samples from packages in group:

  • TIFF manipulation and conversion documentation
  • TIFF manipulation and conversion tools
  • Tag Image File Format library (TIFF), transitional package
  • Tag Image File Format (TIFF) library

Latest version: 4.0.3-7ubuntu0.11
Release: trusty (14.04)
Level: security
Repository: main

Other versions of "tiff" in Trusty

Repository Area Version
security universe 4.0.3-7ubuntu0.11
updates main 4.0.3-7ubuntu0.11
updates universe 4.0.3-7ubuntu0.11


Changelog

Version: 4.0.3-7ubuntu0.11 2019-03-12 14:06:47 UTC

  tiff (4.0.3-7ubuntu0.11) trusty-security; urgency=medium

  * SECURITY UPDATE: heap over-read in TIFFWriteScanline
    - debian/patches/CVE-2018-10779.patch: fix overflow in
      libtiff/tif_write.c.
    - CVE-2018-10779
  * SECURITY UPDATE: heap over-read in cpSeparateBufToContigBuf
    - debian/patches/CVE-2018-12900-1.patch: check for overflow in
      tools/tiffcp.c.
    - debian/patches/CVE-2018-12900-2.patch: use INT_MAX in tools/tiffcp.c.
    - CVE-2018-12900
    - CVE-2019-7663
  * SECURITY UPDATE: NULL pointer dereference in _TIFFmemcmp
    - debian/patches/CVE-2018-17000.patch: add NULL check in
      libtiff/tif_dirwrite.c.
    - CVE-2018-17000
  * SECURITY UPDATE: NULL pointer dereference in TIFFWriteDirectorySec
    - debian/patches/CVE-2018-19210-1.patch: unset transferfunction field
      if necessary in libtiff/tif_dir.c.
    - debian/patches/CVE-2018-19210-2.patch: fix warning in
      libtiff/tif_dir.c.
    - CVE-2018-19210
  * SECURITY UPDATE: memory leak in TIFFFdOpen
    - debian/patches/CVE-2019-6128.patch: properly handle errors in
      tools/pal2rgb.c.
    - CVE-2019-6128

 -- Marc Deslauriers <email address hidden> Mon, 11 Mar 2019 12:51:58 -0400

CVE-2018-10779 TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
CVE-2018-12900 Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service
CVE-2019-7663 An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpS
CVE-2018-17000 A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an a
CVE-2018-19210 In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service a
CVE-2019-6128 The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.

Version: 4.0.3-7ubuntu0.10 2019-01-22 14:06:54 UTC

  tiff (4.0.3-7ubuntu0.10) trusty-security; urgency=medium

  * SECURITY UPDATE: NULL dereference in TIFFPrintDirectory
    - debian/patches/CVE-2018-7456.patch: properly handle color channels in
      libtiff/tif_dirread.c, libtiff/tif_print.c.
    - CVE-2018-7456
  * SECURITY UPDATE: buffer overflow in LZWDecodeCompat
    - debian/patches/CVE-2018-8905.patch: fix logic in libtiff/tif_lzw.c.
    - CVE-2018-8905
  * SECURITY UPDATE: DoS in TIFFWriteDirectorySec()
    - debian/patches/CVE-2018-10963.patch: avoid assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2018-10963
  * SECURITY UPDATE: multiple overflows
    - debian/patches/CVE-2018-1710x.patch: Avoid overflows in
      tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c.
    - CVE-2018-17100
    - CVE-2018-17101
  * SECURITY UPDATE: JBIGDecode out-of-bounds write
    - debian/patches/CVE-2018-18557.patch: fix issue in libtiff/tif_jbig.c,
      libtiff/tif_read.c.
    - CVE-2018-18557
  * SECURITY UPDATE: NULL pointer dereference in LZWDecode
    - debian/patches/CVE-2018-18661.patch: add checks to tools/tiff2bw.c.
    - CVE-2018-18661

 -- Marc Deslauriers <email address hidden> Thu, 17 Jan 2019 10:06:44 -0500

CVE-2018-7456 A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TI
CVE-2018-8905 In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2p
CVE-2018-10963 The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failu
CVE-2018-17100 An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) o
CVE-2018-17101 An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a deni
CVE-2018-18557 LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-
CVE-2018-18661 An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.

Version: 4.0.3-7ubuntu0.9 2018-03-26 13:06:38 UTC

  tiff (4.0.3-7ubuntu0.9) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gif2tiff
    - debian/patches/CVE-2016-3186.patch: check return code in
      tools/gif2tiff.c.
    - CVE-2016-3186
  * SECURITY UPDATE: buffer overflow in gif2tiff
    - debian/patches/CVE-2016-5102.patch: make warning fatal in
      tools/gif2tiff.c.
    - CVE-2016-5102
  * SECURITY UPDATE: multiple overflows
    - debian/patches/CVE-2016-5318.patch: ignore certain fields in
      libtiff/tif_dir.h, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c.
    - CVE-2016-5318
    - CVE-2017-9147
  * SECURITY UPDATE: bmp2tiff issues
    - debian/patches/CVE-2017-5563_9117.patch: add check to
      tools/bmp2tiff.c.
    - CVE-2017-5563
    - CVE-2017-9117
  * SECURITY UPDATE: heap-based buffer overflow in t2p_write_pdf
    - debian/patches/CVE-2017-9935-1.patch: fix transfer function handling
      in libtiff/tif_dir.c, tools/tiff2pdf.c.
    - debian/patches/CVE-2017-9935-2.patch: fix incorrect type for transfer
      table in tools/tiff2pdf.c.
    - CVE-2017-9935
  * SECURITY UPDATE: DoS in TIFFOpen
    - debian/patches/CVE-2017-11613-1.patch: avoid memory exhaustion in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2017-11613-2.patch: rework fix in
      libtiff/tif_dirread.c.
    - CVE-2017-11613
  * SECURITY UPDATE: TIFFSetupStrips heap overflow in pal2rgb
    - debian/patches/CVE-2017-17095.patch: add workaround to
      tools/pal2rgb.c.
    - CVE-2017-17095

 -- Marc Deslauriers <email address hidden> Thu, 22 Mar 2018 10:38:02 -0400

CVE-2016-3186 Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash)
CVE-2016-5102 Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service
CVE-2016-5318 Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafte
CVE-2017-9147 LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash
CVE-2017-5563 LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools
CVE-2017-9117 In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual inpu
CVE-2017-9935 In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different
CVE-2017-11613 In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. Durin
CVE-2017-17095 tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and appl

Version: 4.0.3-7ubuntu0.8 2018-03-20 19:06:40 UTC

  tiff (4.0.3-7ubuntu0.8) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS in tif_read.c
    - debian/patches/CVE-2016-10266.patch: fix uint32 overflow in
      libtiff/tif_read.c, libtiff/tiffiop.h.
    - CVE-2016-10266
  * SECURITY UPDATE: DoS in tif_ojpeg.c
    - debian/patches/CVE-2016-10267.patch: make OJPEGDecode() early exit in
      case of failure in libtiff/tif_ojpeg.c.
    - CVE-2016-10267
  * SECURITY UPDATE: DoS in tif_unix.c
    - debian/patches/CVE-2016-10268.patch: avoid uint32 underflow in
      cpDecodedStrips in tools/tiffcp.c.
    - CVE-2016-10268
  * SECURITY UPDATE: DoS in tif_unix.c
    - debian/patches/CVE-2016-10269.patch: fix heap-based buffer overflow
      in libtiff/tif_luv.c, libtiff/tif_pixarlog.c.
    - CVE-2016-10269
  * SECURITY UPDATE: DoS in TIFFWriteDirectoryTagCheckedRational
    - debian/patches/CVE-2016-10371.patch: replace assertion by runtime
      check in libtiff/tif_dirwrite.c, tools/tiffcrop.c.
    - CVE-2016-10371
  * SECURITY UPDATE: DoS in putagreytile function
    - debian/patches/CVE-2017-7592.patch: add explicit uint32 cast in
      libtiff/tif_getimage.c.
    - CVE-2017-7592
  * SECURITY UPDATE: information disclosure in tif_read.c
    - debian/patches/CVE-2017-7593.patch: use _TIFFcalloc() to zero in
      libtiff/tif_read.c, libtiff/tif_unix.c, libtiff/tif_vms.c,
      libtiff/tif_win32.c, libtiff/tiffio.h.
    - CVE-2017-7593
  * SECURITY UPDATE: DoS in OJPEGReadHeaderInfoSecTablesDcTable
    - debian/patches/CVE-2017-7594-1.patch: fix leak in
      libtiff/tif_ojpeg.c.
    - debian/patches/CVE-2017-7594-2.patch: fix another leak in
      libtiff/tif_ojpeg.c.
    - CVE-2017-7594
  * SECURITY UPDATE: DoS in JPEGSetupEncode
    - debian/patches/CVE-2017-7595.patch: avoid integer division by zero in
      libtiff/tif_jpeg.c.
    - CVE-2017-7595
  * SECURITY UPDATE: DoS via undefined behaviour
    - debian/patches/CVE-2017-7596_7597_7599_7600.patch: avoid undefined
      behaviour in libtiff/tif_dir.c, libtiff/tif_dirread.c,
      libtiff/tif_dirwrite.c.
    - CVE-2017-7596
    - CVE-2017-7597
    - CVE-2017-7599
    - CVE-2017-7600
  * SECURITY UPDATE: DoS via divide-by-zero
    - debian/patches/CVE-2017-7598.patch: avoid division by floating point
      0 in libtiff/tif_dirread.c.
    - CVE-2017-7598
  * SECURITY UPDATE: DoS via undefined behaviour
    - debian/patches/CVE-2017-7601.patch: validate BitsPerSample in
      libtiff/tif_jpeg.c.
    - CVE-2017-7601
  * SECURITY UPDATE: signed integer overflow
    - debian/patches/CVE-2017-7602.patch: avoid potential undefined
      behaviour in libtiff/tif_read.c.
    - CVE-2017-7602
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9403_9815.patch: fix memory leak in
      libtiff/tif_dirread.c, tools/tiff2ps.c.
    - CVE-2017-9403
    - CVE-2017-9815
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9404.patch: fix potential memory leak in
      libtiff/tif_ojpeg.c.
    - CVE-2017-9404
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9936.patch: fix memory leak in
      libtiff/tif_jbig.c.
    - CVE-2017-9936
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-10688.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-10688
  * SECURITY UPDATE: heap overflow in tiff2pdf.c
    - debian/patches/CVE-2017-11335.patch: prevent heap buffer overflow
      write in tools/tiff2pdf.c.
    - CVE-2017-11335
  * SECURITY UPDATE: DoS in TIFFReadDirEntryArray
    - debian/patches/CVE-2017-12944.patch: add protection against excessive
      memory allocation attempts in libtiff/tif_dirread.c.
    - CVE-2017-12944
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-13726.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-13726
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-13727.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-13727
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2017-18013.patch: fix null pointer dereference in
      libtiff/tif_print.c.
    - CVE-2017-18013
  * SECURITY UPDATE: DoS via resource consumption
    - debian/patches/CVE-2018-5784.patch: fix infinite loop in
      contrib/addtiffo/tif_overview.c, tools/tiff2pdf.c, tools/tiffcrop.c.
    - CVE-2018-5784

 -- Marc Deslauriers <email address hidden> Tue, 20 Mar 2018 09:12:24 -0400

CVE-2016-10266 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to
CVE-2016-10267 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to
CVE-2016-10268 tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly
CVE-2016-10269 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a craf
CVE-2016-10371 The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion
CVE-2017-7592 The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a
CVE-2017-7593 tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive informat
CVE-2017-7594 The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) v
CVE-2017-7595 The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and applicati
CVE-2017-7596 LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause
CVE-2017-7597 tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote at
CVE-2017-7599 LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause
CVE-2017-7600 LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers t
CVE-2017-7598 tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted i
CVE-2017-7601 LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of
CVE-2017-7602 LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have uns
CVE-2017-9403 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause
CVE-2017-9815 In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a d
CVE-2017-9404 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to
CVE-2017-9936 In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service att
CVE-2017-10688 In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a
CVE-2017-11335 There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred byte
CVE-2017-12944 The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to caus
CVE-2017-13726 There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted
CVE-2017-13727 There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A cr
CVE-2017-18013 In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
CVE-2018-5784 In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this v

Version: 4.0.3-7ubuntu0.7 2017-05-30 14:06:41 UTC

  tiff (4.0.3-7ubuntu0.7) trusty-security; urgency=medium

  * SECURITY REGRESSION: JPEG tiff read and write issue due to misapplied
    patches (LP: #1670036)
    - debian/patches/CVE-2016-9297_and_CVE-2016-9448_correct.patch: replace
      two previous patches with one that applies fix to correct location.
    - Thanks to John Cupitt and Even Rouault

 -- Marc Deslauriers <email address hidden> Mon, 29 May 2017 07:35:17 -0400

1670036 Misapplied patches in 4.0.6-2ubuntu0.1 break reading and writing JPEG compressed files
CVE-2016-9297 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C1
CVE-2016-9448 The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting
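A practitioner reading this changelog usually wants one check: given the libtiff version actually installed on a Trusty host, which of the CVEs listed above are still open. Two things trip up naive tooling. First, Ubuntu version strings have to be compared with Debian version ordering, not as plain strings, so that 7ubuntu0.9 sorts before 7ubuntu0.11. Second, the CVE texts name upstream LibTIFF 4.0.9 and 4.0.10 as affected, while Trusty ships 4.0.3 with the fixes backported as the debian/patches files named in each entry; a scanner that keys only on the upstream version string will report every CVE on this page as open on a fully patched host. The following is an added example, not code from UbuntuUpdates.org or from the Ubuntu tiff package: it implements the dpkg version comparison and maps each CVE to the trusty-security upload whose changelog entry above lists it. The installed-version strings fed to it are invented inputs, and the table covers only the uploads shown on this page (the 4.0.3-7ubuntu0.7 entry re-applies earlier patches for CVE-2016-9297 and CVE-2016-9448, and the upload that first added them is not shown, so those two are left out).

```python
"""Which CVEs from the trusty tiff changelog above are still open for a
given installed version, using Debian/Ubuntu (dpkg) version ordering.
Added example for this page; not code from UbuntuUpdates.org or the
Ubuntu tiff package. FIXED_IN is transcribed from the changelog entries
above; the version strings passed to the functions are invented inputs."""
import re

# trusty-security upload -> CVEs its changelog entry lists. Only uploads
# shown on this page; 4.0.3-7ubuntu0.7 is omitted (see lead-in).
FIXED_IN = {
    "4.0.3-7ubuntu0.11": [
        "CVE-2018-10779", "CVE-2018-12900", "CVE-2019-7663", "CVE-2018-17000",
        "CVE-2018-19210", "CVE-2019-6128"],
    "4.0.3-7ubuntu0.10": [
        "CVE-2018-7456", "CVE-2018-8905", "CVE-2018-10963", "CVE-2018-17100",
        "CVE-2018-17101", "CVE-2018-18557", "CVE-2018-18661"],
    "4.0.3-7ubuntu0.9": [
        "CVE-2016-3186", "CVE-2016-5102", "CVE-2016-5318", "CVE-2017-9147",
        "CVE-2017-5563", "CVE-2017-9117", "CVE-2017-9935", "CVE-2017-11613",
        "CVE-2017-17095"],
    "4.0.3-7ubuntu0.8": [
        "CVE-2016-10266", "CVE-2016-10267", "CVE-2016-10268", "CVE-2016-10269",
        "CVE-2016-10371", "CVE-2017-7592", "CVE-2017-7593", "CVE-2017-7594",
        "CVE-2017-7595", "CVE-2017-7596", "CVE-2017-7597", "CVE-2017-7599",
        "CVE-2017-7600", "CVE-2017-7598", "CVE-2017-7601", "CVE-2017-7602",
        "CVE-2017-9403", "CVE-2017-9815", "CVE-2017-9404", "CVE-2017-9936",
        "CVE-2017-10688", "CVE-2017-11335", "CVE-2017-12944", "CVE-2017-13726",
        "CVE-2017-13727", "CVE-2017-18013", "CVE-2018-5784"],
}

def _cmp_nondigit(a, b):
    """dpkg order for non-digit runs: '~' sorts before everything (even
    end of string), letters before non-letters, else ASCII. ASCII assumed."""
    def key(c):
        if c == "~":
            return -1
        if c == "":
            return 0
        return ord(c) if c.isalpha() else ord(c) + 256
    for i in range(max(len(a), len(b))):
        ka = key(a[i] if i < len(a) else "")
        kb = key(b[i] if i < len(b) else "")
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _cmp_part(a, b):
    """Compare an upstream-version or revision string by alternating
    non-digit runs (lexically, above) and digit runs (numerically)."""
    while a or b:
        ma, mb = re.match(r"\D*", a), re.match(r"\D*", b)
        r = _cmp_nondigit(ma.group(), mb.group())
        if r:
            return r
        a, b = a[ma.end():], b[mb.end():]
        ma, mb = re.match(r"\d*", a), re.match(r"\d*", b)
        na, nb = int(ma.group() or 0), int(mb.group() or 0)
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[ma.end():], b[mb.end():]
    return 0

def split_version(v):
    """'[epoch:]upstream[-revision]' -> (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, revision = v, ""
    if "-" in v:
        upstream, revision = v.rsplit("-", 1)
    return epoch, upstream, revision

def compare_versions(a, b):
    """-1, 0 or 1 as a <, ==, > b under dpkg's rules."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def cve_status(installed, cve):
    """'fixed', 'vulnerable', or 'unknown' when the CVE is not on this page."""
    for version, cves in FIXED_IN.items():
        if cve in cves:
            return "fixed" if compare_versions(installed, version) >= 0 else "vulnerable"
    return "unknown"

def outstanding_cves(installed):
    """Every CVE on this page whose fixing upload is newer than installed."""
    return sorted(c for v, cs in FIXED_IN.items()
                  if compare_versions(installed, v) < 0 for c in cs)

if __name__ == "__main__":
    for v in ("4.0.3-7ubuntu0.10", "4.0.3-7ubuntu0.11"):  # invented inputs
        print(v, "outstanding:", outstanding_cves(v) or "none")
    # Upstream 4.0.3 sorts below the 4.0.9 named in the CVE text, yet the
    # 0.11 upload carries the backported fix: version-only scanners mislead.
    print(compare_versions("4.0.3-7ubuntu0.11", "4.0.9"),
          cve_status("4.0.3-7ubuntu0.11", "CVE-2018-17000"))
```

On a real host the installed string comes from `dpkg-query -W -f='${Version}' libtiff5` (libtiff5 is the Trusty binary package built from this source), and `dpkg --compare-versions A lt B` gives the same ordering if you would rather not reimplement it; the point of carrying the comparison in code is that it can run off-host against an inventory export.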
