Source: tiff Version: 4.0.9-6 Severity: important Tags: patch security upstream Forwarded: https://gitlab.com/libtiff/libtiff/merge_requests/38
Hi, The following vulnerability was published for tiff. CVE-2018-18557[0]: | LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a | buffer, ignoring the buffer size, which leads to a tif_jbig.c | JBIGDecode out-of-bounds write. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-18557 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557 [1] https://gitlab.com/libtiff/libtiff/merge_requests/38 Please adjust the affected versions in the BTS as needed. Regards, Salvatore