[ubuntu/jammy-security] tiff 4.3.0-6ubuntu0.2 (Accepted)
Nishit Majithia
nishit.majithia at canonical.com
Tue Nov 8 04:01:04 UTC 2022
tiff (4.3.0-6ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bound read/write in tiffcrop
- debian/patches/CVE-2022-2867_2868_2869.patch: Fix heap-buffer-overflow by
correcting uint32_t underflow
- CVE-2022-2867
- CVE-2022-2868
- CVE-2022-2869
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
subroutines in tools/tiffcrop.c.
- CVE-2022-3570
- CVE-2022-3598
* SECURITY UPDATE: out-of-bound write in tiffcrop
- debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
and related TIFFTAG_NUMBEROFINKS value
- CVE-2022-3599
* SECURITY UPDATE: stack overflow in _TIFFVGetField
- debian/patches/CVE-2022-34526.patch: Add _TIFFCheckFieldIsValidForCodec()
return FALSE when passed a codec-specific tag and the codec is not
configured
- CVE-2022-34526
Date: 2022-11-02 15:51:18.704385+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list