Overview

File _patchinfo of Package patchinfo.4468

<patchinfo incident="4468">
  <issue id="1031254" tracker="bnc">VUL-0: CVE-2016-10269: tiff: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-basedbuffer over-read) or ...</issue>
  <issue id="1031262" tracker="bnc">VUL-0: CVE-2016-10267: tiff:  LibTIFF 4.0.7 allows remote attackers to cause a denial of service(divide-by-zero error and applica...</issue>
  <issue id="1031263" tracker="bnc">VUL-0: CVE-2016-10266: tiff: LibTIFF 4.0.7 allows remote attackers to cause a denial of service(divide-by-zero error and applica...</issue>
  <issue id="1031249" tracker="bnc">VUL-0: CVE-2016-10271: tiff: tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial ofservice (heap-based b...</issue>
  <issue id="1031255" tracker="bnc">VUL-0: CVE-2016-10268: tiff:  tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial ofservice (integer underf...</issue>
  <issue id="1031247" tracker="bnc">VUL-0: CVE-2016-10272: tiff: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-basedbuffer overflow) or p...</issue>
  <issue id="1031250" tracker="bnc">VUL-0: CVE-2016-10270: tiff: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-basedbuffer over-read) or ...</issue>
  <issue id="2016-10270" tracker="cve" />
  <issue id="2016-10269" tracker="cve" />
  <issue id="2016-10268" tracker="cve" />
  <issue id="2016-10267" tracker="cve" />
  <issue id="2016-10266" tracker="cve" />
  <issue id="2016-10272" tracker="cve" />
  <issue id="2016-10271" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>fstrba</packager>
  <description>
This update for tiff fixes the following issues:

Security issues fixed:
- CVE-2016-10272: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based
  buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to
  "WRITE of size 2048" and libtiff/tif_next.c:64:9 (bsc#1031247).
- CVE-2016-10271: tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
  service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other
  impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13
  (bsc#1031249).
- CVE-2016-10270: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based
  buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to
  "READ of size 8" and libtiff/tif_read.c:523:22 (bsc#1031250).
- CVE-2016-10269: LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based
  buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to
  "READ of size 512" and libtiff/tif_unix.c:340:2 (bsc#1031254).
- CVE-2016-10268: tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of
  service (integer underflow and heap-based buffer under-read) or possibly have unspecified other
  impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23
  (bsc#1031255).
- CVE-2016-10267: LibTIFF 4.0.7 allows remote attackers to cause a denial of service
  (divide-by-zero error and application crash) via a crafted TIFF image, related to
  libtiff/tif_ojpeg.c:816:8 (bsc#1031262).
- CVE-2016-10266: LibTIFF 4.0.7 allows remote attackers to cause a denial of service
  (divide-by-zero error and application crash) via a crafted TIFF image, related to
  libtiff/tif_read.c:351:22. (bsc#1031263).
</description>
  <summary>Security update for tiff</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places