[ubuntu/focal-security] tiff 4.1.0+git191117-2ubuntu0.20.04.3 (Accepted)

David Fernandez Gonzalez david.fernandezgonzalez at canonical.com
Mon May 16 07:23:35 UTC 2022


tiff (4.1.0+git191117-2ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: malloc failure in TIFF2RGBA tool
    - debian/patches/CVE-2020-35522.patch: enforce (configurable) memory
      limit in tools/tiff2rgba.c.
    - CVE-2020-35522
  * SECURITY UPDATE: null pointer in TIFFReadDirectory
    - debian/patches/CVE-2022-0561.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0561
  * SECURITY UPDATE: null pointer in TIFFFetchStripThing
    - debian/patches/CVE-2022-0562.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0562
  * SECURITY UPDATE: denial of service through assertion failure.
    - debian/patches/CVE-2022-0865.patch: reset flags to initial state
      when file has multiple IFD and when bit reversal is needed in
      libtiff/tif_jbig.c.
    - CVE-2022-0865
  * SECURITY UPDATE: heap buffer overflow in ExtractImageSection
    - debian/patches/CVE-2022-0891.patch: correct wrong formula for
      image row size calculation in tools/tiffcrop.c.
    - CVE-2022-0891

Date: 2022-05-12 15:35:25.518761+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.3
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list