Mageia: 2019-0101 Moderate: libtiff DoS Fix and Security Update
mageia
February 22, 2019
An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function ...
Summary
An Invalid Address dereference was discovered in
TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF
4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c.
Remote attackers could leverage this vulnerability to cause a
denial-of-service via a crafted tiff file. This is different from
CVE-2018-12900. (CVE-2019-7663)
The invertImage() function in tiffcrop.c:9206 allows remote attackers to
cause a denial of service (heap buffer overflow) via invert color space.
References
- https://bugs.mageia.org/show_bug.cgi?id=24393
- http://bugzilla.maptools.org/show_bug.cgi?id=2831
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QLLVSXFUKP2QSOFI6RRTYD737HBS7UGT/
- https://www.cve.org/CVERecord?id=CVE-2019-7663
Topics Covered
Resolution
SRPMS
- 6/core/libtiff-4.0.10-1.git20190219.1.mga6
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 22 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0101.html
Type: security
CVE: CVE-2019-7663
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!