Updated libtiff packages fix security vulnerability
Publication date: 22 Feb 2019Modification date: 22 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-7663
Description
An Invalid Address dereference was discovered in
TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF
4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c.
Remote attackers could leverage this vulnerability to cause a
denial-of-service via a crafted tiff file. This is different from
CVE-2018-12900. (CVE-2019-7663)
The invertImage() function in tiffcrop.c:9206 allows remote attackers to
cause a denial of service (heap buffer overflow) via invert color space.
References
SRPMS
6/core
- libtiff-4.0.10-1.git20190219.1.mga6