ID

VAR-201803-0086

CVE

CVE-2014-8129

TITLE

LibTIFF Vulnerable to out-of-bounds writing

DESCRIPTION

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. LibTIFF Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A denial of service vulnerability exists in Silicon Graphics LibTiff version 4.0.3. Update: Packages for Mandriva Business Server 1 are now being provided. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547 http://advisories.mageia.org/MGASA-2015-0112.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: f8727a71ac4ec2d7d4f1b633d6953822 mbs1/x86_64/lib64tiff5-4.0.4-0.1.mbs1.x86_64.rpm 32cdb5ebbe9aa26837e492bbc226f6eb mbs1/x86_64/lib64tiff-devel-4.0.4-0.1.mbs1.x86_64.rpm 917c2cf43c35469c768e62f9b670efd0 mbs1/x86_64/lib64tiff-static-devel-4.0.4-0.1.mbs1.x86_64.rpm 36ff180f975358b530230a3c0bf6ee64 mbs1/x86_64/libtiff-progs-4.0.4-0.1.mbs1.x86_64.rpm abad0883b65d252bd62ca2ea163a0754 mbs1/SRPMS/libtiff-4.0.4-0.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVGTbVmqjQ0CJFipgRArgvAKClh2UJrmBXsf9fE9hhJT1ITcrnywCgk2fw y1E86Ix3dMzcD9nL8mwuqi0= =dhzn -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libtiff security update Advisory ID: RHSA-2016:1546-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-1546.html Issue date: 2016-08-02 CVE Names: CVE-2014-8127 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2014-9655 CVE-2015-1547 CVE-2015-7554 CVE-2015-8665 CVE-2015-8668 CVE-2015-8683 CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2016-3632 CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5320 ===================================================================== 1. Summary: An update for libtiff is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320) * Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running applications linked against libtiff must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1177893 - CVE-2014-9330 libtiff: Out-of-bounds reads followed by a crash in bmp2tiff 1185805 - CVE-2014-8127 libtiff: out-of-bounds read with malformed TIFF image in multiple tools 1185815 - CVE-2014-8129 libtiff: out-of-bounds read/write with malformed TIFF image in tiff2pdf 1185817 - CVE-2014-8130 libtiff: divide by zero in the tiffdither tool 1190703 - CVE-2014-9655 libtiff: use of uninitialized memory in putcontig8bitYCbCr21tile and NeXTDecode 1190709 - CVE-2015-1547 libtiff: use of uninitialized memory in NeXTDecode 1294417 - CVE-2015-7554 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags 1294425 - CVE-2015-8668 libtiff: OOB read in bmp2tiff 1294427 - CVE-2015-8683 libtiff: Out-of-bounds when reading CIE Lab image format files 1294444 - CVE-2015-8665 libtiff: Out-of-bounds read in tif_getimage.c 1301649 - CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion 1301652 - CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() 1325093 - CVE-2016-3945 libtiff: out-of-bounds write in the tiff2rgba tool 1325095 - CVE-2016-3632 libtiff: out-of-bounds write in _TIFFVGetField function 1326246 - CVE-2016-3990 libtiff: out-of-bounds write in horizontalDifference8() 1326249 - CVE-2016-3991 libtiff: out-of-bounds write in loadImage() function 1346687 - CVE-2016-5320 libtiff: Out-of-bounds write in PixarLogDecode() function in tif_pixarlog.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm ppc64: libtiff-4.0.3-25.el7_2.ppc.rpm libtiff-4.0.3-25.el7_2.ppc64.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-devel-4.0.3-25.el7_2.ppc.rpm libtiff-devel-4.0.3-25.el7_2.ppc64.rpm ppc64le: libtiff-4.0.3-25.el7_2.ppc64le.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-devel-4.0.3-25.el7_2.ppc64le.rpm s390x: libtiff-4.0.3-25.el7_2.s390.rpm libtiff-4.0.3-25.el7_2.s390x.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-devel-4.0.3-25.el7_2.s390.rpm libtiff-devel-4.0.3-25.el7_2.s390x.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libtiff-debuginfo-4.0.3-25.el7_2.ppc.rpm libtiff-debuginfo-4.0.3-25.el7_2.ppc64.rpm libtiff-static-4.0.3-25.el7_2.ppc.rpm libtiff-static-4.0.3-25.el7_2.ppc64.rpm libtiff-tools-4.0.3-25.el7_2.ppc64.rpm ppc64le: libtiff-debuginfo-4.0.3-25.el7_2.ppc64le.rpm libtiff-static-4.0.3-25.el7_2.ppc64le.rpm libtiff-tools-4.0.3-25.el7_2.ppc64le.rpm s390x: libtiff-debuginfo-4.0.3-25.el7_2.s390.rpm libtiff-debuginfo-4.0.3-25.el7_2.s390x.rpm libtiff-static-4.0.3-25.el7_2.s390.rpm libtiff-static-4.0.3-25.el7_2.s390x.rpm libtiff-tools-4.0.3-25.el7_2.s390x.rpm x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libtiff-4.0.3-25.el7_2.src.rpm x86_64: libtiff-4.0.3-25.el7_2.i686.rpm libtiff-4.0.3-25.el7_2.x86_64.rpm libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-devel-4.0.3-25.el7_2.i686.rpm libtiff-devel-4.0.3-25.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libtiff-debuginfo-4.0.3-25.el7_2.i686.rpm libtiff-debuginfo-4.0.3-25.el7_2.x86_64.rpm libtiff-static-4.0.3-25.el7_2.i686.rpm libtiff-static-4.0.3-25.el7_2.x86_64.rpm libtiff-tools-4.0.3-25.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-8127 https://access.redhat.com/security/cve/CVE-2014-8129 https://access.redhat.com/security/cve/CVE-2014-8130 https://access.redhat.com/security/cve/CVE-2014-9330 https://access.redhat.com/security/cve/CVE-2014-9655 https://access.redhat.com/security/cve/CVE-2015-1547 https://access.redhat.com/security/cve/CVE-2015-7554 https://access.redhat.com/security/cve/CVE-2015-8665 https://access.redhat.com/security/cve/CVE-2015-8668 https://access.redhat.com/security/cve/CVE-2015-8683 https://access.redhat.com/security/cve/CVE-2015-8781 https://access.redhat.com/security/cve/CVE-2015-8782 https://access.redhat.com/security/cve/CVE-2015-8783 https://access.redhat.com/security/cve/CVE-2015-8784 https://access.redhat.com/security/cve/CVE-2016-3632 https://access.redhat.com/security/cve/CVE-2016-3945 https://access.redhat.com/security/cve/CVE-2016-3990 https://access.redhat.com/security/cve/CVE-2016-3991 https://access.redhat.com/security/cve/CVE-2016-5320 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFXoNKIXlSAg2UNWIIRAn0mAJ49V9uRtJCn4vAWPIfVZ3ptCa4NDQCbBuTb H5YX3gD3gJu8C4EadiP+wtg= =Z4gh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2553-1 March 31, 2015 tiff vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130) Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. (CVE-2014-9655) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libtiff5 4.0.3-10ubuntu0.1 Ubuntu 14.04 LTS: libtiff5 4.0.3-7ubuntu0.2 Ubuntu 12.04 LTS: libtiff4 3.9.5-2ubuntu1.7 Ubuntu 10.04 LTS: libtiff4 3.9.2-2ubuntu0.15 In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libTIFF: Multiple vulnerabilities Date: January 09, 2017 Bugs: #484542, #534108, #538318, #561880, #572876, #585274, #585508, #599746 ID: 201701-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in libTIFF, the worst of which may allow execution of arbitrary code. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Please review the CVE identifier and bug reports referenced for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libTIFF users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-4.0.7" References ========== [ 1 ] CVE-2013-4243 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4243 [ 2 ] CVE-2014-8127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8127 [ 3 ] CVE-2014-8128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8128 [ 4 ] CVE-2014-8129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8129 [ 5 ] CVE-2014-8130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8130 [ 6 ] CVE-2014-9330 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9330 [ 7 ] CVE-2014-9655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9655 [ 8 ] CVE-2015-1547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1547 [ 9 ] CVE-2015-7313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7313 [ 10 ] CVE-2015-7554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7554 [ 11 ] CVE-2015-8665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8665 [ 12 ] CVE-2015-8668 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8668 [ 13 ] CVE-2015-8683 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8683 [ 14 ] CVE-2015-8781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8781 [ 15 ] CVE-2015-8782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8782 [ 16 ] CVE-2015-8783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8783 [ 17 ] CVE-2015-8784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8784 [ 18 ] CVE-2016-3186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3186 [ 19 ] CVE-2016-3619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3619 [ 20 ] CVE-2016-3620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3620 [ 21 ] CVE-2016-3621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3621 [ 22 ] CVE-2016-3622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3622 [ 23 ] CVE-2016-3623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3623 [ 24 ] CVE-2016-3624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3624 [ 25 ] CVE-2016-3625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3625 [ 26 ] CVE-2016-3631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3631 [ 27 ] CVE-2016-3632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3632 [ 28 ] CVE-2016-3633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3633 [ 29 ] CVE-2016-3634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3634 [ 30 ] CVE-2016-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3658 [ 31 ] CVE-2016-3945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3945 [ 32 ] CVE-2016-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3990 [ 33 ] CVE-2016-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3991 [ 34 ] CVE-2016-5102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5102 [ 35 ] CVE-2016-5314 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5314 [ 36 ] CVE-2016-5315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5315 [ 37 ] CVE-2016-5316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5316 [ 38 ] CVE-2016-5317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5317 [ 39 ] CVE-2016-5318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5318 [ 40 ] CVE-2016-5319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5319 [ 41 ] CVE-2016-5320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5320 [ 42 ] CVE-2016-5321 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5321 [ 43 ] CVE-2016-5322 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5322 [ 44 ] CVE-2016-5323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5323 [ 45 ] CVE-2016-5652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5652 [ 46 ] CVE-2016-5875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5875 [ 47 ] CVE-2016-6223 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6223 [ 48 ] CVE-2016-8331 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8331 [ 49 ] CVE-2016-9273 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9273 [ 50 ] CVE-2016-9297 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9297 [ 51 ] CVE-2016-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9318 [ 52 ] CVE-2016-9448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9448 [ 53 ] CVE-2016-9453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9453 [ 54 ] CVE-2016-9532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9532 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 --WUa5dgL7FmU1aSF31hCrUKc2JiSevbqka-- . For the oldstable distribution (wheezy), these problems have been fixed in version 4.0.2-6+deb7u4. For the stable distribution (jessie), these problems have been fixed before the initial release. We recommend that you upgrade your tiff packages. 6) - i386, x86_64 3

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

William Robinet and american fuzzy lop

SOURCES

LAST UPDATE DATE

2024-11-20T22:26:19.125000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE