Updated libtiff packages fix security vulnerability
Publication date: 22 Feb 2019Modification date: 22 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-7663
Description
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. (CVE-2019-7663) The invertImage() function in tiffcrop.c:9206 allows remote attackers to cause a denial of service (heap buffer overflow) via invert color space.
References
SRPMS
6/core
- libtiff-4.0.10-1.git20190219.1.mga6