AVG-5

Package libtiff
Status Fixed
Severity Critical
Type arbitrary code execution
Affected 4.0.8-1
Fixed 4.0.8-2
Current 4.0.10-1 [extra]
Ticket FS#54842
Created Sun Sep 18 15:55:04 2016
Issue Severity Remote Type Description
CVE-2016-10095 High No Arbitrary code execution
A stack-based buffer overflow vulnerability was found in libtiff, in the _TIFFVGetField function in tif_dir.c, when running tiffsplit on a crafted TIFF file.
CVE-2015-7554 Critical Yes Arbitrary code execution
An invalid memory write flaw was found in libtiff in the way it parsed certain extension tags when reading TIFF format files. An attacker could use this...
Date Advisory Package Description
18 Jul 2017 ASA-201707-17 libtiff arbitrary code execution
Notes
This hasn't been fixed in 4.0.8-1