#17144 closed enhancement (fixed)
Create security fixes patch for libtiff
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
While I was out looking at news this morning, I ran across some security vulnerabilities in libtiff.
It looks like Debian has patches for most of them, with a couple of exceptions. These are mostly in the Tiff utilities.
- CVE-2022-34526: Denial of Service due to stack overflow in tiffsplit (Medium)
- CVE-2022-2056: Denial of Service due to divide by zero error in tiffcrop (Medium)
- CVE-2022-2057: Denial of Service due to divide by zero in tiffcrop (Medium)
- CVE-2022-2058: Denial of Service due to divide by zero in tiffcrop (Medium)
- CVE-2022-2953: Denial of Service due to out-of-bounds read in tiffcrop (Medium)
Change History (3)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at ef2eac4b84f8b4307283b563096e7e4346e7313f