Security update for tiff
tiff was updated to version 4.0.4 to fix six security issues found by fuzzing initiatives.
These security issues were fixed:
- CVE-2014-8127: Out-of-bounds write (bnc#914890).
- CVE-2014-9655: Access of uninitialized memory (bnc#916927).
- CVE-2014-8130: Out-of-bounds write (bnc#914890).
- CVE-2015-1547: Use of uninitialized memory in NeXTDecode (bnc#916925).
- CVE-2014-8129: Out-of-bounds write (bnc#914890).
- CVE-2014-8128: Out-of-bounds write (bnc#914890).
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#914890
VUL-1: CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130: tiff: libtiff3: out-of-bounds read with malformed TIFF image in multiple tools
bnc#916925
VUL-1: CVE-2015-1547: tiff: Use of uninitialized memory in NeXTDecode
bnc#916927
VUL-1: CVE-2014-9655: tiff: Access of uninitialized memory
