AVG-791

Package: lib32-libtiff
Status: Fixed
Severity: High
Type: multiple issues
Affected: 4.0.9-1
Fixed: 4.0.10-1
Current: 4.0.10-1 [multilib]
Ticket: FS#60599
Created: Fri Oct 26 12:35:22 2018

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-8905 | High | Yes | Arbitrary code execution | In LibTIFF before 4.0.10, a heap-based buffer overflow (out-of-bounds write) occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as... |
| CVE-2018-7456 | Medium | Yes | Denial of service | A null pointer dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF before 4.0.10 when using the tiffinfo tool to print crafted... |
| CVE-2018-5784 | Medium | Yes | Denial of service | In LibTIFF before 4.0.10, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this... |
| CVE-2018-18661 | Medium | Yes | Denial of service | A null-pointer dereference has been found in LibTIFF before 4.0.10 in the LZWDecode() function in the file tif_lzw.c. |
| CVE-2018-18557 | High | Yes | Arbitrary code execution | LibTIFF before 4.0.10 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode... |
| CVE-2018-10963 | Medium | Yes | Denial of service | The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF before 4.0.10 allows remote attackers to cause a denial of service (assertion failure and... |
| CVE-2018-10779 | Medium | Yes | Information disclosure | A heap-based out-of-bounds read has been found in libtiff before 4.0.10, in the TIFFWriteScanline() function. The issue is caused by a uint32_t overflow on... |
| CVE-2017-9935 | High | Yes | Arbitrary code execution | In LibTIFF before 4.0.10, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to... |
| CVE-2017-18013 | Medium | Yes | Denial of service | A null-pointer dereference issue has been found in libtiff before 4.0.10, in the TIFFPrintDirectory() function in tiffinfo.c, while parsing the "1 Strips: "... |
| CVE-2017-11613 | Medium | Yes | Denial of service | In LibTIFF before 4.0.10, there is a denial of service vulnerability in the TIFFOpen function triggered by resource consumption via crafted input files.... |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 20 Nov 2018 | ASA-201811-18 | lib32-libtiff | multiple issues |