Updated libtiff packages fix security vulnerability
Publication date: 06 Mar 2022Type: security
Affected Mageia releases : 8
CVE: CVE-2022-0561 , CVE-2022-0562
Description
Null source pointer passed as an argument to memcpy() function within
TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to
4.3.0 could lead to Denial of Service via crafted TIFF file.
(CVE-2022-0561)
Null source pointer passed as an argument to memcpy() function within
TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0
could lead to Denial of Service via crafted TIFF file. (CVE-2022-0562)
References
SRPMS
8/core
- libtiff-4.2.0-1.2.mga8