-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2777-1
debian-lts@lists.debian.orghttps://www.debian.org/lts/security/ Utkarsh Gupta
October 03, 2021
https://wiki.debian.org/LTS- -----------------------------------------------------------------------
Package : tiff
Version : 4.0.8-2+deb9u7
CVE ID : CVE-2020-19131 CVE-2020-19144
Two security issues were found in TIFF, a widely used format for
storing image data, as follows:
CVE-2020-19131
Buffer Overflow in LibTiff allows attackers to cause
a denial of service via the "invertImage()" function
in the component "tiffcrop".
CVE-2020-19144
Buffer Overflow in LibTiff allows attackers to cause
a denial of service via the 'in _TIFFmemcpy' funtion
in the component 'tif_unix.c'.
For Debian 9 stretch, these problems have been fixed in version
4.0.8-2+deb9u7.
We recommend that you upgrade your tiff packages.
For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiffFurther information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://wiki.debian.org/LTS-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmFZHdsACgkQgj6WdgbD
S5ZE+xAA0WThKamaHcNXZmtPQhJEuE12jES5ZxLtzcMWx+nY/6N+pfQC7Y1PEkf0
fyxYxcHSwN5t3XWBzJ3IB9JQC/CyHXNp2cNXicE6NaI3Fj0p7WuzXZ9TFbIoX9Uf
q3bVfSyquCkpdVbfus2cO+SLUOyESKUgi/m+h2ymIMzH3qPICaC12hmUpbJdFBE6
qlbUOdlOiLnagSt+tKke16IdAidTzDdizPDtxu0y+2VTpFCOe+mVWUpvphg6C1z8
5fcssAcLGbvaMTV1XqMcA/dmXzyyhgEvUlcIhSHvJPRGPrNMbvzPSs0oikzNqDWg
ECetgoQXOrNqXVTa55/SUK1oO+YQwcBC32EzmuV5vMKgTwDjU6oZ8G57ug1q4w6B
sDJlVvjWs4z5qYyMekTunC/84l4GQK0ut4+C64X+x31wJCLa7eQj7zuijDUYj4+c
rQOmi7wO62Mh7/mHfPeUsvrtkcx0xZw6GUoTesrGrkpzjJXiyMmBvvF09V0+m9ie
nLo4e/ojp5WecBtCGoPkGx1UuEBlNj153T1zrDlRLbv6QiEp2ip0oOksABF9qXtE
qTnCHd8W2N4lfN1Tca0aOQMQDXdnxW3Pj+lLzeA7UhwTO8ldrj9AnUZzUFyjknQI
nOaAZVdGVZod9tbzHK5uZeuYTSqDCrt4kJj0YB7msl80lTojL18=
=qdmq
-----END PGP SIGNATURE-----