[ubuntu/bionic-security] tiff 4.0.9-5ubuntu0.6 (Accepted)
David Fernandez Gonzalez
david.fernandezgonzalez at canonical.com
Mon Sep 12 07:23:02 UTC 2022
tiff (4.0.9-5ubuntu0.6) bionic-security; urgency=medium
  * SECURITY UPDATE: NULL Pointer Dereference
    - debian/patches/CVE-2022-0907.patch: add checks for return value of
      limitMalloc in tools/tiffcrop.c.
    - debian/patches/CVE-2022-0908.patch: avoid
      calling memcpy() with a null source pointer and size of zero in
      libtiff/tif_dirread.c.
    - CVE-2022-0907
    - CVE-2022-0908
  * SECURITY UPDATE: floating point exception
    - debian/patches/CVE-2022-0909.patch: fix the FPE in tiffcrop by
      checking if variable is NaN in libtiff/tif_dir.c.
    - CVE-2022-0909
  * SECURITY UPDATE: heap buffer overflow in cpContigBufToSeparateBuf
    - debian/patches/CVE-2022-0924.patch: fix heap buffer overflow in
      tools/tiffcp.c.
    - CVE-2022-0924
  * SECURITY UPDATE: out-of-bounds with custom tag
    - debian/patches/CVE-2022-22844.patch: fix global-buffer-overflow
      for ASCII tags where count is required in tools/tiffset.c.
    - CVE-2022-22844
Date: 2022-09-09 09:30:08.843229+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.6