Advisories » MGASA-2018-0246

Updated libtiff packages fix security vulnerabilities

Publication date: 16 May 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2018-10963, CVE-2018-8905

Description

The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF
through 4.0.9 allows remote attackers to cause a denial of service
(assertion failure and application crash) via a crafted file, a
different vulnerability than CVE-2017-13726. (CVE-2018-10963)

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function
LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated
by tiff2ps. (CVE-2018-8905)
                

References

SRPMS

5/core

6/core