Описание
ELSA-2020-3902: libtiff security update (MODERATE)
[4.0.3-35]
- Fix two resource leaks Related: #1771371
[4.0.3-34]
- Fix CVE-2019-17546 Resolves: #1771371
[4.0.3-33]
- Fix CVE-2019-14973 Resolves: #1755704
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
libtiff
4.0.3-35.el7
libtiff-devel
4.0.3-35.el7
libtiff-static
4.0.3-35.el7
libtiff-tools
4.0.3-35.el7
Oracle Linux x86_64
libtiff
4.0.3-35.el7
libtiff-devel
4.0.3-35.el7
libtiff-static
4.0.3-35.el7
libtiff-tools
4.0.3-35.el7
Связанные CVE
Связанные уязвимости
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ...
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.