SUSE-SU-2018:3879-1 -- SLES tiff, libtiff
ID: oval:org.secpod.oval:def:89002537 | Date: (C)2021-02-26 (M)2023-12-26 |
Class: PATCH | Family: unix |
This update for tiff fixes the following issues:

Security issues fixed:
- CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
- CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf.
- CVE-2017-9147: Fixed invalid read in the _TIFFVGetField function in tif_dir.c that allowed remote attackers to cause a DoS via a crafted TIFF file.
- CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values.
- CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS.
- CVE-2016-9273: Fixed heap-based buffer overflow issue.
- CVE-2016-5319: Fixed heap-based buffer overflow in PackBitsEncode.
- CVE-2016-3621: Fixed out-of-bounds read in the bmp2tiff tool.
- CVE-2016-3620: Fixed out-of-bounds read in the bmp2tiff tool.
- CVE-2016-3619: Fixed out-of-bounds read in the bmp2tiff tool.
- CVE-2015-8870: Fixed integer overflow in tools/bmp2tiff.c that allowed remote attackers to cause a DoS.

Non-security issues fixed:
- asan_build: build ASAN included
- debug_build: build more suitable for debugging
Platform: |
SUSE Linux Enterprise Server 11 SP4 |