2 security issues in buster

package: tiff
severity: high
created: 2017-06-23
last updated: 2019-08-25

There are 2 open security issues in buster.
1 important issue:
  • CVE-2019-14973: _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
1 issue skipped by the security teams:
  • CVE-2017-17942: In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
Please fix them.