Note:
This project will be discontinued after December 13, 2021. [more]
2018-03-22
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
Products | Ubuntu_linux, Debian_linux, Libtiff, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation |
Type | Out-of-bounds Write (CWE-787) |
First patch | - None (likely due to unavailable code) |
Links |
• http://bugzilla.maptools.org/show_bug.cgi?id=2780
• https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html • https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html • https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html • https://usn.ubuntu.com/3864-1/ |