tiff: Multiple vulnerabilities (CVE-2016-9273, CVE-2016-9297, CVE-2016-9448, CVE-2016-9453)
CVE-2016-9273: heap-buffer-overflow in cpStrips
Reference:
http://bugzilla.maptools.org/show\_bug.cgi?id=2587
http://libtiff.maptools.org/v4.0.7.html
CVE-2016-9297: segfault in _TIFFPrintField
Reference:
http://bugzilla.maptools.org/show\_bug.cgi?id=2590
CVE-2016-9448: Invalid read of size 1 in TIFFFetchNormalTag
Fix for CVE-2016-9297 introduced this issue.
References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2593
http://seclists.org/oss-sec/2016/q4/464
CVE-2016-9453: out-of-bounds Write Caused by memcpy and no bound check in tiff2pdf
Affected: <=4.0.6
Fixed in: >=4.0.7
http://bugzilla.maptools.org/show\_bug.cgi?id=2579 http://libtiff.maptools.org/v4.0.7.html
References:(from redmine: issue id 6664, created on 2017-01-10, closed on 2017-01-23)
- Relations:
- child #6665 (closed)
- child #6666 (closed)
- child #6667 (closed)