AVG-5 log
| Package | libtiff |
| Status | Fixed |
| Severity | Critical |
| Type | arbitrary code execution |
| Affected | 4.0.8-1 |
| Fixed | 4.0.8-2 |
| Current | 4.6.0-4 [extra] |
| Ticket | FS#54842 |
| Created | Sun Sep 18 15:55:04 2016 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-10095 | High | No | Arbitrary code execution | A stack-based buffer overflow vulnerability was found in libtiff, in the _TIFFVGetField function in tif_dir.c, when running tiffslpit on crafted tiff file. |
| CVE-2015-7554 | Critical | Yes | Arbitrary code execution | An Invalid memory write flaw was found in libtiff in the way it parsed certain extension tags when reading TIFF format files. An attacker could use this... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 18 Jul 2017 | ASA-201707-17 | libtiff | arbitrary code execution |
| Notes |
|---|
This hasn't been fixed in 4.0.8-1 |