Overview

File _patchinfo of Package patchinfo.3784

<patchinfo incident="3784">
  <issue id="1007280" tracker="bnc">VUL-0:  CVE-2016-5652: tiff: tiff2pdf JPEG Compression Tables Heap Buffer Overflow</issue>
  <issue id="1010161" tracker="bnc">VUL-0: CVE-2016-9297: tiff: tif_dirread.c read outside buffer in _TIFFPrintField()</issue>
  <issue id="1010163" tracker="bnc">VUL-1: CVE-2016-9273: tiff: heap overflow</issue>
  <issue id="1011103" tracker="bnc">VUL-0: CVE-2016-9448: tiff: regression introduced by fixing CVE-2016-9297</issue>
  <issue id="1011107" tracker="bnc">VUL-0: CVE-2016-9453: tiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf</issue>
  <issue id="914890" tracker="bnc">VUL-1: CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130: tiff: libtiff3: out-of-bounds read with malformed TIFF image in multiple tools</issue>
  <issue id="974449" tracker="bnc">VUL-1: CVE-2016-3622: tiff: Divide By Zero in the tiff2rgba tool</issue>
  <issue id="974840" tracker="bnc">VUL-1: CVE-2016-3658: tiff: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c</issue>
  <issue id="984813" tracker="bnc">VUL-1: tiff: CVE-2016-5321: Out-of-bounds read in tiffcrop /  DumpModeDecode() function</issue>
  <issue id="984815" tracker="bnc">VUL-1: tiff: CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function (null ptr dereference?)</issue>
  <issue id="987351" tracker="bnc">VUL-1: CVE-2016-5875: tiff: heap-based buffer overflow when using the PixarLog compressionformat</issue>
  <issue id="2014-8127" tracker="cve" />
  <issue id="2016-3622" tracker="cve" />
  <issue id="2016-3658" tracker="cve" />
  <issue id="2016-5321" tracker="cve" />
  <issue id="2016-5323" tracker="cve" />
  <issue id="2016-5652" tracker="cve" />
  <issue id="2016-5875" tracker="cve" />
  <issue id="2016-9273" tracker="cve" />
  <issue id="2016-9297" tracker="cve" />
  <issue id="2016-9448" tracker="cve" />
  <issue id="2016-9453" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>fstrba</packager>
  <description>
The tiff library and tools were updated to version 4.0.7 fixing various bug and security issues.

- CVE-2014-8127: out-of-bounds read with malformed TIFF image in multiple tools [bnc#914890]
- CVE-2016-9297: tif_dirread.c read outside buffer in _TIFFPrintField() [bnc#1010161]
- CVE-2016-3658: Illegal read in TIFFWriteDirectoryTagLongLong8Array function in tiffset / tif_dirwrite.c [bnc#974840]
- CVE-2016-9273: heap overflow [bnc#1010163]
- CVE-2016-3622: divide By Zero in the tiff2rgba tool [bnc#974449]
- CVE-2016-5652: tiff2pdf JPEG Compression Tables Heap Buffer Overflow [bnc#1007280]
- CVE-2016-9453: out-of-bounds Write memcpy and less bound check in tiff2pdf [bnc#1011107]
- CVE-2016-5875: heap-based buffer overflow when using the PixarLog compressionformat [bnc#987351]
- CVE-2016-9448: regression introduced by fixing CVE-2016-9297 [bnc#1011103]
- CVE-2016-5321: out-of-bounds read in tiffcrop /  DumpModeDecode() function [bnc#984813]
- CVE-2016-5323: Divide-by-zero in _TIFFFax3fillruns() function (null ptr dereference?) [bnc#984815]
</description>
  <summary>Security update for tiff</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places