MGASA-2018-0246

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0246.html

Import Source

https://advisories.mageia.org/MGASA-2018-0246.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2018-0246

Related

CVE-2018-10963
CVE-2018-8905

Published

2018-05-16T08:24:56Z

Modified

2018-05-16T07:44:58Z

Summary

Updated libtiff packages fix security vulnerabilities

Details

The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. (CVE-2018-10963)

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. (CVE-2018-8905)

References

https://advisories.mageia.org/MGASA-2018-0246.html
https://bugs.mageia.org/show_bug.cgi?id=23021

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2018-0246

Affected packages