AVG-790
| Package | libtiff |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 4.0.9-2 |
| Fixed | 4.0.10-1 |
| Current | 4.7.1-1 [extra] |
| Ticket | FS#60599 |
| Created | Fri Oct 26 12:35:05 2018 |

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-18661 | Medium | Yes | Denial of service | A null-pointer dereference has been found in LibTIFF before 4.0.10 in the LZWDecode() function in the file tif_lzw.c. |
| CVE-2018-18557 | High | Yes | Arbitrary code execution | LibTIFF before 4.0.10 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode... |
| CVE-2017-11613 | Medium | Yes | Denial of service | In LibTIFF before 4.0.10, there is a denial of service vulnerability in the TIFFOpen function triggered by resource consumption via crafted input files.... |
| CVE-2017-9935 | High | Yes | Arbitrary code execution | In LibTIFF before 4.0.10, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to... |

| Date | Advisory | Package | Type |
|---|---|---|---|
| 20 Nov 2018 | ASA-201811-17 | libtiff | multiple issues |