SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2744

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2744

Security update for tiff

Type: security

Severity: moderate

Issued: 2020-09-24

Description:

This update for tiff fixes the following issues:

- CVE-2019-14973: Fixed an improper check which was depended on the compiler
  which could have led to integer overflow (bsc#1146608).

References

CVE: CVE-2019-14973
Bugzilla: 1146608 VUL-1: CVE-2019-14973: tiff: _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards

Packages

tiff-4.0.9-5.30.28