[ubuntu/bionic-security] tiff 4.0.9-5ubuntu0.6 (Accepted)

David Fernandez Gonzalez david.fernandezgonzalez at canonical.com
Mon Sep 12 07:23:02 UTC 2022


tiff (4.0.9-5ubuntu0.6) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL Pointer Dereference 
    - debian/patches/CVE-2022-0907.patch: add checks for return value of
    limitMalloc in tools/tiffcrop.c.
    - debian/patches/CVE-2022-0908.patch: avoid
    calling memcpy() with a null source pointer and size of zero in
    libtiff/tif_dirread.c.
    - CVE-2022-0907
    - CVE-2022-0908
  * SECURITY UPPDATE: floating point exception 
    - debian/patches/CVE-2022-0909.patch: fix the FPE in tiffcrop by
    checking if variable is Nan in libtiff/tif_dir.c.
    - CVE-2022-0909
  * SECURITY UPDATE: heap buffer overflow in cpContigBufToSeparateBuf
    - debian/patches/CVE-2022-0924.patch: fix heap buffer overflow in
    tools/tiffcp.c. 
    - CVE-2022-0924
  * SECURITY UPDATE: out-of-bounds with custom tag
    - debian/patches/CVE-2022-22844.patch: fix global-buffer-overflow
    for ASCII tags where count is required in tools/tiffset.c.
    - CVE-2022-22844

Date: 2022-09-09 09:30:08.843229+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.6
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list