[Bug 54914] Please sync tiff (main) from unstable
Martin Pitt
martin.pitt at ubuntu.com
Wed Aug 2 11:54:04 BST 2006
Public bug reported:
affects distros/ubuntu/tiff
status confirmed
subscribe ubuntu-archive
Please sync tiff (main) from Debian unstable.
Changelog since current edgy version 3.8.2-5:
tiff (3.8.2-6) unstable; urgency=high
.
* Add watch file
* Tavis Ormandy of the Google Security Team discovered several problems
in the TIFF library. The Common Vulnerabilities and Exposures project
identifies the following issues:
- CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
tif_dirread.c
- CVE-2006-3460: A heap overflow vulnerability was discovered in the
jpeg decoder
- CVE-2006-3461: A heap overflow exists in the PixarLog decoder
- CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
overflow
- CVE-2006-3463: An infinite loop was discovered in
EstimateStripByteCounts()
- CVE-2006-3464: Multiple unchecked arithmetic operations were
uncovered, including a number of the range checking operations
deisgned to ensure the offsets specified in tiff directories are
legitimate.
- A number of codepaths were uncovered where assertions did not hold
true, resulting in the client application calling abort()
- CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
support
** Affects: tiff (Ubuntu)
Importance: Untriaged
Status: Confirmed
--
Please sync tiff (main) from unstable
https://launchpad.net/bugs/54914
More information about the ubuntu-archive
mailing list