Advisories » MGASA-2018-0208

Updated libtiff packages fix security vulnerability

Publication date: 20 Apr 2018
Modification date: 20 Apr 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-7456

Description

A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in
tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print
crafted TIFF information, a different vulnerability than CVE-2017-18013.
(This affects an earlier part of the TIFFPrintDirectory function that
was not addressed by the CVE-2017-18013 patch.). (CVE-2018-7456)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22920
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456

SRPMS

5/core

• libtiff-4.0.9-1.3.mga5

6/core

• libtiff-4.0.9-1.3.mga6