Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 507
Alerts This Week
Warning Icon 1 507

Debian: DSA-3763-1 Urgent: PNG Memory Corruption Vulnerability

debian
Calendar Grey January 13, 2017
Scroller Debian
Ubuntu's DSA-2014-6 addresses several libpng security flaws that impact graphics manipulation applications.
Multiple vulnerabilities have been discovered in the libtiff library and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf and tiffsplit, which may result in deni...

Summary

Multiple vulnerabilities have been discovered in the libtiff library
and the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf
and tiffsplit, which may result in denial of service, memory disclosure
or the execution of arbitrary code.

There were additional vulnerabilities in the tools bmp2tiff, gif2tiff,
thumbnail and ras2tiff, but since these were addressed by the libtiff
developers by removing the tools altogether, no patches are available
and those tools were also removed from the tiff package in Debian
stable. The change had already been made in Debian stretch before and
no applications included in Debian are known to rely on these scripts.
If you use those tools in custom setups, consider using a different
conversion/thumbnailing tool.

For the stable distribution (jessie), these problems have been fixed in
version 4.0.3-12.3+deb8u2.

For the testing distribution (stretch), these problems have been fixed
in version 4.0.7-4.

For the unstable distribution (sid), these problems have b...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: tiff
CVE ID: CVE-2016-3622 CVE-2016-3623 CVE-2016-3624 CVE-2016-3945

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.