AVG-790

Package libtiff
Status Fixed
Severity High
Type multiple issues
Affected 4.0.9-2
Fixed 4.0.10-1
Current 4.0.10-1 [extra]
Ticket FS#60599
Created Fri Oct 26 12:35:05 2018
Issue Severity Remote Type Description
CVE-2018-18661 Medium Yes Denial of service
A null-pointer dereference has been found in LibTIFF before 4.0.10 in the LZWDecode() function in the file tif_lzw.c.
CVE-2018-18557 High Yes Arbitrary code execution
LibTIFF before 4.0.10 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode...
CVE-2017-9935 High Yes Arbitrary code execution
In LibTIFF before 4.0.10, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to...
CVE-2017-11613 Medium Yes Denial of service
In LibTIFF before 4.0.10, there is a denial of service vulnerability in the TIFFOpen function triggered by resource consumption via crafted input files....
Date Advisory Package Description
20 Nov 2018 ASA-201811-17 libtiff multiple issues