5 security issues in jessie

package: tiff
severity: high
created: 2015-09-23
last updated: 2019-08-25

There are 5 open security issues in jessie.
1 important issue:
  • CVE-2019-14973: _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
4 issues skipped by the security teams:
  • CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
  • CVE-2015-7313: LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.
  • CVE-2018-5360: LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
  • CVE-2017-17942: In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
Please fix them.