[ubuntu/lunar-security] tiff 4.5.0-5ubuntu1.1 (Accepted)
Fabian Toepfer
fabian.toepfer at canonical.com
Tue Aug 15 21:05:45 UTC 2023
tiff (4.5.0-5ubuntu1.1) lunar-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-2731.patch: avoid crash when trying to read again
from a strip with a missing end-of-information marker in tif_lzw.c.
- CVE-2023-2731
* SECURITY UPDATE: NULL pointer dereference
- d/p/0001-countInkNamesString-fix-UndefinedBehaviorSanitizer-a.patch: Fix
undefined behavior in tif_dir.c.
- CVE-2023-2908
* SECURITY UPDATE: buffer overflow
- d/p/0003-Consider-error-return-of-writeSelections.patch: Consider error
return of writeSelections() in tiffcrop.c.
- CVE-2023-3618
* SECURITY UPDATE: heap-based buffer overflow
- d/p/0004-tiffcrop-correctly-update-buffersize-after-rotateIma.patch:
correctly update buffersize after rotateImage() and enlarge buffsize and
check integer overflow within rotateImage() in tiffcrop.c.
- CVE-2023-25433
* SECURITY UPDATE: Use after free
- d/p/0005-tiffcrop-Do-not-reuse-input-buffer-for-subsequent-im.patch: Do
not reuse input buffer for subsequent images in tiffcrop.c.
- CVE-2023-26965
* SECURITY UPDATE: buffer overflow
- d/p/0006-tif_luv-Check-and-correct-for-NaN-data-in-uv_encode.patch: Check
and correct for NaN data in uv_encode() in tif_luv.c.
- CVE-2023-26966
* SECURITY UPDATE: Integer overflow
- d/p/0007-tiffcp-fix-memory-corruption-overflow-on-hostile-ima.patch: fix
memory corruption (overflow) in tiffcp.c.
- CVE-2023-38288
* SECURITY UPDATE: Integer overflow
- d/p/0008-raw2tiff-fix-integer-overflow-and-bypass-of-the-chec.patch: fix
integer overflow and bypass of the check in raw2tiff.c.
- CVE-2023-38289
Date: 2023-08-08 18:39:08.768704+00:00
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
https://launchpad.net/ubuntu/+source/tiff/4.5.0-5ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the lunar-changes
mailing list