Mageia Advisory: MGASA-2016-0361 - Updated libtiff packages fix security vulnerability

Updated libtiff packages fix security vulnerability

Publication date: 02 Nov 2016
Modification date: 02 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2014-8127 , CVE-2016-3658

Description

The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in
the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to
cause a denial of service (out-of-bounds read) via vectors involving the
ma variable (CVE-2016-3658).

They also fix:

An out-of-bound read of up to 3 bytes in readContigTilesIntoBuffer().

An out-of-bound read on some tiled images.

Segfault when specifying -r without argument (fax2tiff).

References

https://bugs.mageia.org/show_bug.cgi?id=19688
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3658

SRPMS

5/core

libtiff-4.0.6-1.5.mga5

Advisories » MGASA-2016-0361

Updated libtiff packages fix security vulnerability

Description

References

SRPMS

5/core