AVG-237

Package libtiff
Status Fixed
Severity Medium
Type multiple issues
Affected 4.0.7-2
Fixed 4.0.7-3
Current 4.0.10-1 [extra]
Ticket None
Created Mon Apr 10 08:18:18 2017
Issue Severity Remote Type Description
CVE-2017-7602 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior in TIFFReadRawStrip1().
CVE-2017-7601 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior (invalid shift exponent) in JPEGSetupEncode().
CVE-2017-7600 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior.
CVE-2017-7599 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior.
CVE-2017-7598 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger a division by zero in TIFFReadDirEntryCheckedRational() or...
CVE-2017-7597 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior.
CVE-2017-7596 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted TIFF file can trigger an undefined behavior.
CVE-2017-7595 Medium Yes Denial of service
A security issue has been found in libtiff before 4.0.8, where a crafted tiff image can cause a division by zero in JPEGSetupEncode(), leading to denial of service.
CVE-2017-7594 Medium Yes Denial of service
A security issue has been found in libtiff < 4.0.7, where a crafted tiff image can cause a memory leak in OJPEGReadHeaderInfoSecTablesAcTable().
CVE-2017-7593 Medium Yes Information disclosure
A security issue has been found in libtiff < 4.0.7, where a crafted tiff image can cause a unitialized-memory access in tif_rawdata(), leading to...
CVE-2017-7592 Medium Yes Denial of service
A security issue has been found in libtiff <= 4.0.7, where a crafted TIFF file can trigger an undefined behavior in putagreytile().
Date Advisory Package Description
28 Apr 2017 ASA-201704-10 libtiff multiple issues