Описание
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tiff | fixed | 4.0.6-3 | package | |
| tiff | fixed | 4.0.3-12.3+deb8u2 | jessie | package |
| tiff3 | removed | package | ||
| tiff3 | not-affected | wheezy | package |
Примечания
src:tiff3: built binary packages do not contain the TIFF tools
http://bugzilla.maptools.org/show_bug.cgi?id=2548
Upstream will remove thumbnail from 4.0.7 release
No patch available. Issue marked as wontfix by upstream.
thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
Связанные уязвимости
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
Уязвимость библиотеки LibTIFF, позволяющая нарушителю вызвать отказ в обслуживании