Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
patchinfo.8555
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.8555
<patchinfo incident="8555"> <issue tracker="bnc" id="1092480">VUL-1: CVE-2018-10779: tiff: TIFFWriteScanline in tif_write.c has a heap-based buffer over-read</issue> <issue tracker="bnc" id="1108637">VUL-1: CVE-2018-17100: tiff: int32 overflow in multiply_ms in tools/ppm2tiff.c</issue> <issue tracker="bnc" id="1108627">VUL-1: CVE-2018-17101: tiff: two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c</issue> <issue tracker="bnc" id="1110358">VUL-0: CVE-2018-17795: tiff: The function t2p_write_pdf allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact</issue> <issue tracker="bnc" id="1106853">VUL-1: CVE-2018-16335: tiff: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c can cause a denial of service (heap-based bufferoverflow)</issue> <issue tracker="cve" id="2018-10779"/> <issue tracker="cve" id="2018-17100"/> <issue tracker="cve" id="2018-17101"/> <issue tracker="cve" id="2018-17795"/> <issue tracker="cve" id="2018-16335"/> <category>security</category> <rating>moderate</rating> <packager>pgajdos</packager> <description>This update for tiff fixes the following issues: Security issue fixed: - CVE-2018-10779: TIFFWriteScanline in tif_write.c had a heap-based buffer over-read, as demonstrated by bmp2tiff.(bsc#1092480) - CVE-2018-17100: There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108637) - CVE-2018-17101: There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. (bsc#1108627) - CVE-2018-17795: The function t2p_write_pdf in tiff2pdf.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. (bsc#1110358) - CVE-2018-16335: newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. (bsc#1106853) </description> <summary>Security update for tiff</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor