AVG-2721 log

Package libtiff
Status Vulnerable
Severity Medium
Type denial of service
Affected 4.3.0-2
Fixed Unknown
Current 4.6.0-2 [extra]
Ticket FS#74772
Created Mon May 16 19:21:54 2022
Issue Severity Remote Type Description
CVE-2022-1355 Medium No Denial of service
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp...
CVE-2022-1354 Low No Denial of service
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file...
References
https://security.archlinux.org/CVE-2022-1354
https://security.archlinux.org/CVE-2022-1355
Notes
https://bugs.archlinux.org/task/74772