SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-2019-786

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-2019-786

Security update for tiff

Type: security

Severity: moderate

Issued: 2019-03-28

Description:

This update for tiff fixes the following issues:

Security issues fixed:

- CVE-2018-19210: Fixed a NULL pointer dereference in TIFFWriteDirectorySec function (bsc#1115717).     
- CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606).
- CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626).
- CVE-2019-7663: Fixed an invalid address dereference in the
  TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113)

References

CVE: CVE-2019-7663
CVE: CVE-2019-6128
CVE: CVE-2018-19210
CVE: CVE-2018-17000
Bugzilla: 1125113 VUL-1: CVE-2019-7663: tiff: An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c
Bugzilla: 1121626 VUL-1: CVE-2019-6128: tiff: The TIFFFdOpen function in tif_unix.c in LibTIFF has a memory leak
Bugzilla: 1115717 VUL-1: CVE-2018-19210: tiff: NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c
Bugzilla: 1108606 VUL-1: CVE-2018-17000: tiff: NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction)

Packages

tiff-4.0.9-5.27.5