[3.7] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)
CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in
tiffcp.c in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.
CVE-2018-18557: Out-of-bounds write in tif_jbig.c
LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a
ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
CVE-2018-18661: tiff2bw tool failed memory allocation leads to crash
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer
dereference in the function
LZWDecode in the file tif_lzw.c.
(from redmine: issue id 9717, created on 2018-11-29, closed on 2018-12-07)
- parent #9714 (closed)
- Revision fc22ab4f by Natanael Copa on 2018-12-07T07:59:48Z:
main/tiff: security upgrade to 4.0.10 CVE-2018-12900, CVE-2018-18557, CVE-2018-18661 fixes #9717