tiff 4.0.6-1ubuntu0.3 source package in Ubuntu

Changelog

tiff (4.0.6-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in tif_read.c
    - debian/patches/CVE-2016-10266.patch: fix uint32 overflow in
      libtiff/tif_read.c, libtiff/tiffiop.h.
    - CVE-2016-10266
  * SECURITY UPDATE: DoS in tif_ojpeg.c
    - debian/patches/CVE-2016-10267.patch: make OJPEGDecode() early exit in
      case of failure in libtiff/tif_ojpeg.c.
    - CVE-2016-10267
  * SECURITY UPDATE: DoS in tif_unix.c
    - debian/patches/CVE-2016-10268.patch: avoid uint32 underflow in
      cpDecodedStrips in tools/tiffcp.c.
    - CVE-2016-10268
  * SECURITY UPDATE: DoS in tif_unix.c
    - debian/patches/CVE-2016-10269.patch: fix heap-based buffer overflow
      in libtiff/tif_luv.c, libtiff/tif_pixarlog.c.
    - CVE-2016-10269
  * SECURITY UPDATE: DoS in TIFFWriteDirectoryTagCheckedRational
    - debian/patches/CVE-2016-10371.patch: replace assertion by runtime
      check in libtiff/tif_dirwrite.c, tools/tiffcrop.c.
    - CVE-2016-10371
  * SECURITY UPDATE: DoS in putagreytile function
    - debian/patches/CVE-2017-7592.patch: add explicit uint32 cast in
      libtiff/tif_getimage.c.
    - CVE-2017-7592
  * SECURITY UPDATE: information disclosure in tif_read.c
    - debian/patches/CVE-2017-7593.patch: use _TIFFcalloc() to zero in
      libtiff/tif_read.c, libtiff/tif_unix.c, libtiff/tif_vms.c,
      libtiff/tif_win32.c, libtiff/tiffio.h.
    - CVE-2017-7593
  * SECURITY UPDATE: DoS in OJPEGReadHeaderInfoSecTablesDcTable
    - debian/patches/CVE-2017-7594-1.patch: fix leak in
      libtiff/tif_ojpeg.c.
    - debian/patches/CVE-2017-7594-2.patch: fix another leak in
      libtiff/tif_ojpeg.c.
    - CVE-2017-7594
  * SECURITY UPDATE: DoS in JPEGSetupEncode
    - debian/patches/CVE-2017-7595.patch: avoid integer division by zero in
      libtiff/tif_jpeg.c.
    - CVE-2017-7595
  * SECURITY UPDATE: DoS via undefined behaviour
    - debian/patches/CVE-2017-7596_7597_7599_7600.patch: avoid undefined
      behaviour in libtiff/tif_dir.c, libtiff/tif_dirread.c,
      libtiff/tif_dirwrite.c.
    - CVE-2017-7596
    - CVE-2017-7597
    - CVE-2017-7599
    - CVE-2017-7600
  * SECURITY UPDATE: DoS via divide-by-zero
    - debian/patches/CVE-2017-7598.patch: avoid division by floating point
      0 in libtiff/tif_dirread.c.
    - CVE-2017-7598
  * SECURITY UPDATE: DoS via undefined behaviour
    - debian/patches/CVE-2017-7601.patch: validate BitsPerSample in
      libtiff/tif_jpeg.c.
    - CVE-2017-7601
  * SECURITY UPDATE: signed integer overflow
    - debian/patches/CVE-2017-7602.patch: avoid potential undefined
      behaviour in libtiff/tif_read.c.
    - CVE-2017-7602
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9403_9815.patch: fix memory leak in
      libtiff/tif_dirread.c, tools/tiff2ps.c.
    - CVE-2017-9403
    - CVE-2017-9815
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9404.patch: fix potential memory leak in
      libtiff/tif_ojpeg.c.
    - CVE-2017-9404
  * SECURITY UPDATE: DoS via memory leak
    - debian/patches/CVE-2017-9936.patch: fix memory leak in
      libtiff/tif_jbig.c.
    - CVE-2017-9936
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-10688.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-10688
  * SECURITY UPDATE: heap overflow in tiff2pdf.c
    - debian/patches/CVE-2017-11335.patch: prevent heap buffer overflow
      write in tools/tiff2pdf.c.
    - CVE-2017-11335
  * SECURITY UPDATE: DoS in TIFFReadDirEntryArray
    - debian/patches/CVE-2017-12944.patch: add protection against excessive
      memory allocation attempts in libtiff/tif_dirread.c.
    - CVE-2017-12944
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-13726.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-13726
  * SECURITY UPDATE: DoS via assertion
    - debian/patches/CVE-2017-13727.patch: replace assertion in
      libtiff/tif_dirwrite.c.
    - CVE-2017-13727
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2017-18013.patch: fix null pointer dereference in
      libtiff/tif_print.c.
    - CVE-2017-18013
  * SECURITY UPDATE: DoS via resource consumption
    - debian/patches/CVE-2018-5784.patch: fix infinite loop in
      contrib/addtiffo/tif_overview.c, tools/tiff2pdf.c, tools/tiffcrop.c.
    - CVE-2018-5784

 -- Marc Deslauriers <email address hidden>  Tue, 20 Mar 2018 08:00:42 -0400

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Xenial
Original maintainer: Ubuntu Developers
Architectures: any all
Section: libs
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
tiff_4.0.6.orig.tar.gz 2.1 MiB 4d57a50907b510e3049a4bba0d7888930fdfc16ce49f1bf693e5b6247370d68c
tiff_4.0.6-1ubuntu0.3.debian.tar.xz 47.9 KiB 57629a52d0f397265063c548fd07114ee8360987626d19e020eddb370c3bbe16
tiff_4.0.6-1ubuntu0.3.dsc 2.3 KiB 78d1d3d0a9b8b0675e691c82b4ed3e9271eb90b93e29e1435eb15e258a586265

Binary packages built by this source

libtiff-doc: TIFF manipulation and conversion documentation

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 contains documentation.

libtiff-opengl: TIFF manipulation and conversion tools

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 contains libtiff tools that depend upon opengl. It complements the
 libtiff-tools package, which contains the libtiff tools that don't
 depend upon opengl.

libtiff-opengl-dbgsym: debug symbols for package libtiff-opengl

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 contains libtiff tools that depend upon opengl. It complements the
 libtiff-tools package, which contains the libtiff tools that don't
 depend upon opengl.

libtiff-tools: TIFF manipulation and conversion tools

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes tools for converting TIFF images to and from other formats
 and tools for doing simple manipulations of TIFF images. See also
 libtiff-opengl.

libtiff-tools-dbgsym: debug symbols for package libtiff-tools

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes tools for converting TIFF images to and from other formats
 and tools for doing simple manipulations of TIFF images. See also
 libtiff-opengl.

libtiff5: Tag Image File Format (TIFF) library

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes the shared library.

libtiff5-dbgsym: debug symbols for package libtiff5

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes the shared library.

libtiff5-dev: Tag Image File Format library (TIFF), development files

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes the development files, static library, and header files.

libtiffxx5: Tag Image File Format (TIFF) library -- C++ interface

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes the shared library for the experimental C++ interfaces.

libtiffxx5-dbgsym: debug symbols for package libtiffxx5

 libtiff is a library providing support for the Tag Image File Format
 (TIFF), a widely used format for storing image data. This package
 includes the shared library for the experimental C++ interfaces.