Advisories » MGASA-2021-0098

Updated libtiff packages fix security vulnerabilities

Publication date: 04 Mar 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-35523 , CVE-2020-35524 , CVE-2020-19143 , CVE-2020-35521 , CVE-2020-35522

Description

The updated libtiff packages fix security vulnerabilities:
- Integer overflow in tif_getimage.c (CVE-2020-35523).
- Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524).
- Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of
  service via the “TIFFVGetField” funtion in the component
  ‘libtiff/tif_dir.c’. (CVE-2020-19143)
- Memory allocation failure in tiff2rgba (CVE-2020-35521)
- Memory allocation failure in tiff2rgba (CVE-2020-35522)
                

References

SRPMS

7/core