Errata ID | 581 |
---|---|
Date | 2020-05-06 |
Source package | tiff |
Fixed in version | 4.0.8-2+deb9u5 |
Description | This update addresses the following issues: * Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution (CVE-2018-12900) * NULL pointer dereference in the _TIFFmemcmp function in tif_unix.c (CVE-2018-17000) * Integer overflow in multiply_ms in tools/ppm2tiff.c (CVE-2018-17100) * NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c (CVE-2018-19210) * Integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference (CVE-2019-7663) * Integer overflow in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c (CVE-2019-14973) * Integer overflow leading to a heap-based buffer overflow in tif_getimage.c (CVE-2019-17546) |
Additional notes | |
CVE ID | CVE-2018-12900, CVE-2018-17000, CVE-2018-17100, CVE-2018-19210, CVE-2019-7663, CVE-2019-14973, CVE-2019-17546 |
UCS Bug number | #51204 |