There are 5 open security issues in bullseye.
5 issues left for the package maintainer to handle:
- CVE-2022-1210:
(needs triaging)
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.
- CVE-2022-1354:
(needs triaging)
- CVE-2022-1355:
(needs triaging)
- CVE-2022-1622:
(needs triaging)
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
- CVE-2022-1623:
(needs triaging)
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
You can find information about how to handle these issues in the security team's documentation.