AVG-813

Package libtiff
Status Fixed
Severity High
Type multiple issues
Affected 4.0.9-1
Fixed 4.0.9-2
Current 4.6.0-5 [extra]
Ticket None
Created Tue Nov 20 09:22:26 2018
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-10963 | Medium | Yes | Denial of service | The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF before 4.0.10 allows remote attackers to cause a denial of service (assertion failure and... |
| CVE-2018-8905 | High | Yes | Arbitrary code execution | In LibTIFF before 4.0.10, a heap-based buffer overflow (out-of-bounds write) occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as... |
| CVE-2018-7456 | Medium | Yes | Denial of service | A null pointer dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF before 4.0.10 when using the tiffinfo tool to print crafted... |
| CVE-2018-5784 | Medium | Yes | Denial of service | In LibTIFF before 4.0.10, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this... |
| CVE-2017-18013 | Medium | Yes | Denial of service | A null-pointer dereference issue has been found in libtiff before 4.0.10, in the TIFFPrintDirectory() function in tiffinfo.c, while parsing the "1 Strips: "... |