Accepted tiff 4.0.2-6+deb7u9 (source all amd64) into oldstable

2017-01-23 Thread Antoine Beaupré

Format: 1.8
Date: Tue, 17 Jan 2017 15:05:14 -0500
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.2-6+deb7u9
Distribution: wheezy-security
Urgency: high
Maintainer: Ondřej Surý 
Changed-By: Antoine Beaupré 
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 846837
Changes: 
 tiff (4.0.2-6+deb7u9) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2016-3622: The fpAcc function in tif_predict.c in the tiff2rgba
 tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a
 denial of service (divide-by-zero error) via a crafted TIFF image.
   * CVE-2016-3623: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows
 remote attackers to cause a denial of service (divide-by-zero) by
 setting the (1) v or (2) h parameter to 0. (Fixed along with
 CVE-2016-3624.)
   * CVE-2016-3624: The cvtClump function in the rgb2ycbcr tool in
 LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial
 of service (out-of-bounds write) by setting the "-v" option to -1.
   * CVE-2016-3945: Multiple integer overflows in the (1) cvt_by_strip
 and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6
 and earlier, when -b mode is enabled, allow remote attackers to
 cause a denial of service (crash) or execute arbitrary code via a
 crafted TIFF image, which triggers an out-of-bounds write.
   * CVE-2016-3990: Heap-based buffer overflow in the
 horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6
 and earlier allows remote attackers to cause a denial of service
 (crash) or execute arbitrary code via a crafted TIFF image to
 tiffcp.
   * CVE-2016-9533: tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write
 vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka
 "PixarLog horizontalDifference heap-buffer-overflow."
   * CVE-2016-9534: tif_write.c in libtiff 4.0.6 has an issue in the error
 code path of TIFFFlushData1() that didn't reset the tif_rawcc and
 tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1
 heap-buffer-overflow."
   * CVE-2016-9535: tif_predict.h and tif_predict.c in libtiff 4.0.6 have
 assertions that can lead to assertion failures in debug mode, or
 buffer overflows in release mode, when dealing with unusual tile size
 like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor
 heap-buffer-overflow."
   * CVE-2016-9536: tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds
 write vulnerabilities in heap allocated buffers in
 t2p_process_jpeg_strip(). Reported as MSVR 35098, aka
 "t2p_process_jpeg_strip heap-buffer-overflow."
   * CVE-2016-9537: tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds
 write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096,
 and MSVR 35097.
   * CVE-2016-9538: tools/tiffcrop.c in libtiff 4.0.6 reads an undefined
 buffer in readContigStripsIntoBuffer() because of a uint16 integer
 overflow. Reported as MSVR 35100.
   * CVE-2016-9540: tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds
 write on tiled images with odd tile width versus image width.
 Reported as MSVR 35103, aka cpStripToTile heap-buffer-overflow.
   * CVE-2016-10092: heap-buffer-overflow in tiffcrop
   * CVE-2016-10093: uint32 underflow/overflow that can cause heap-based
 buffer overflow in tiffcp
   * CVE-2017-5225: LibTIFF version 4.0.7 is vulnerable to a heap buffer
 overflow in the tools/tiffcp resulting in DoS or code execution via
 a crafted BitsPerSample value.
   * heap-based buffer overflow in TIFFFillStrip (tif_read.c) (Closes:
 846837)

Accepted hesiod 3.0.2-21+deb7u1 (source amd64) into oldstable

2017-01-23 Thread Chris Lamb

Format: 1.8
Date: Tue, 24 Jan 2017 11:38:25 +1300
Source: hesiod
Binary: hesiod libhesiod0 libhesiod-dev
Architecture: source amd64
Version: 3.0.2-21+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Karl Ramm 
Changed-By: Chris Lamb 
Description: 
 hesiod - Project Athena's DNS-based directory service - utilities
 libhesiod-dev - Project Athena's DNS-based directory service - development files
 libhesiod0 - Project Athena's DNS-based directory service - libraries
Closes: 852093 852094
Changes: 
 hesiod (3.0.2-21+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2016-10151: Fix weak SUID check allowing privilege elevation.
 (Closes: #852094)
   * CVE-2016-10152: Don't use hard-coded DNS domain (athena.mit.edu) if
 configuration file cannot be read. (Closes: #852093)