[SECURITY] [DLA 4026-1] tiff security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4026-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
January 20, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : tiff
Version        : 4.2.0-1+deb11u6
CVE ID         : CVE-2023-2908 CVE-2023-3316 CVE-2023-3618 CVE-2023-25433 
                 CVE-2023-26965 CVE-2023-26966 CVE-2023-52356 CVE-2024-7006
Debian Bug     : 

Multiple vulnerabilities were fixed in tiff, a library and tools
providing support for the Tag Image File Format (TIFF).


CVE-2023-2908

    NULL pointer dereference in tif_dir.c

CVE-2023-3316

    NULL pointer dereference in TIFFClose()

CVE-2023-3618

    Buffer overflow in tiffcrop

CVE-2023-25433

    Buffer overflow in tiffcrop

CVE-2023-26965

    Use after free in tiffcrop

CVE-2023-26966

    Buffer overflow in uv_encode()

CVE-2023-52356

    segfault in TIFFReadRGBAStrip()/TIFFReadRGBATile()

CVE-2024-7006

    NULL pointer dereference in TIFFReadDirectory()/TIFFReadCustomDirectory()


For Debian 11 bullseye, these problems have been fixed in version
4.2.0-1+deb11u6.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS