CESA-2019:2053 -- centos 7 libtiffID: oval:org.secpod.oval:def:205337 | Date: (C)2019-09-17 (M)2023-12-26 |
Class: PATCH | Family: unix |
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * libtiff: buffer overflow in gif2tiff * libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution * libtiff: Out-of-bounds write in tif_jbig.c * libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory causes a denial of service * libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat allows for denial of service * libtiff: heap-based buffer over-read in TIFFWriteScanline function in tif_write.c * libtiff: reachable assertion in TIFFWriteDirectorySec function in tif_dirwrite.c * libtiff: Integer overflow in multiply_ms in tools/ppm2tiff.c * libtiff: Two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c * libtiff: tiff2bw tool failed memory allocation leads to crash For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.