This update for tiff fixes the following issues: - CVE-2016-9453: The t2p_readwrite_pdf_image_tile function allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one . - CVE-2016-5652: An exploitable heap-based buffer overflow existed in the handling of TIFF images in the TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means . - CVE-2017-11335: There is a heap based buffer overflow in tools/tiff2pdf.c via a PlanarConfig=Contig image, which caused a more than one hundred bytes out-of-bounds write . A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack . - CVE-2016-9536: tools/tiff2pdf.c had an out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip. Reported as MSVR 35098, aka quot;t2p_process_jpeg_strip heap-buffer-overflow.quot; - CVE-2017-9935: In LibTIFF, there was a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution . - CVE-2017-17973: There is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. - CVE-2015-7554: The _TIFFVGetField function in tif_dir.c allowed attackers to cause a denial of service or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image . - CVE-2016-5318: Stack-based buffer overflow in the _TIFFVGetField function allowed remote attackers to crash the application via a crafted tiff . - CVE-2016-10095: Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c allowed remote attackers to cause a denial of service via a crafted TIFF file . - CVE-2016-10268: tools/tiffcp.c allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TIFF image, related to quot;READ of size 78490quot; and libtiff/tif_unix.c:115:23 - An overlapping of memcpy parameters was fixed which could lead to content corruption . - Fixed an invalid memory read which could lead to a crash . - Fixed a NULL pointer dereference in TIFFReadRawData that could crash the decoder .