Updated libtiff packages fix security vulnerabilities
Publication date: 04 Mar 2021
Modification date: 01 Nov 2021
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-35523, CVE-2020-35524, CVE-2020-19143, CVE-2020-35521, CVE-2020-35522
Description
The updated libtiff packages fix security vulnerabilities:
- Integer overflow in tif_getimage.c (CVE-2020-35523).
- Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524).
- Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the “TIFFVGetField” function in the component ‘libtiff/tif_dir.c’ (CVE-2020-19143).
- Memory allocation failure in tiff2rgba (CVE-2020-35521).
- Memory allocation failure in tiff2rgba (CVE-2020-35522).
References
- https://bugs.mageia.org/show_bug.cgi?id=28455
- https://ubuntu.com/security/notices/USN-4755-1
- https://ubuntu.com/security/CVE-2020-19143
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35521
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35522
SRPMS
7/core
- libtiff-4.2.0-1.mga7