MGASA-2018-0426

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0426.html

Import Source

https://advisories.mageia.org/MGASA-2018-0426.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2018-0426

Related

Published

2018-10-30T18:01:43Z

Modified

2018-10-30T17:35:19Z

Summary

Updated libtiff packages fix security vulnerabilities

Details

The updated packages fix security vulnerabilities:

An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file (CVE-2018-17100).

An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file (CVE-2018-17101).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / libtiff

Package

Name: libtiff
Purl: pkg:rpm/mageia/libtiff?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.9-1.7.mga6

Ecosystem specific

{
    "section": "core"
}