tiff - security update

2016-01-3000:00:00

Google

osv.dev

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

89.3%

JSON

Several security flaws have been found and solved in libtiff, a
library that provides support for handling Tag Image File Format
(TIFF). These flaws concern out of bounds reads and writes in the
LogL16Decode, LogLuvDecode24, LogLuvDecode32, LogLuvDecodeTile,
LogL16Encode, LogLuvEncode24, LogLuvEncode32 and NeXTDecode functions.

These IDs were assigned for the problems: CVE-2015-8781,
CVE-2015-8782, CVE-2015-8783 and CVE-2015-8784.

For Debian 6 Squeeze, these issues have been fixed in tiff version
3.9.4-5+squeeze14. We recommend you to upgrade your tiff packages.

CPENameOperatorVersion
tiffeq3.9.4-5
tiffeq3.9.4-5+squeeze1
tiffeq3.9.4-5+squeeze10
tiffeq3.9.4-5+squeeze11
tiffeq3.9.4-5+squeeze12
tiffeq3.9.4-5+squeeze13
tiffeq3.9.4-5+squeeze2
tiffeq3.9.4-5+squeeze3
tiffeq3.9.4-5+squeeze4
tiffeq3.9.4-5+squeeze5

Name	Operator	Version
tiff	eq	3.9.4-5
tiff	eq	3.9.4-5+squeeze1
tiff	eq	3.9.4-5+squeeze10
tiff	eq	3.9.4-5+squeeze11
tiff	eq	3.9.4-5+squeeze12
tiff	eq	3.9.4-5+squeeze13
tiff	eq	3.9.4-5+squeeze2
tiff	eq	3.9.4-5+squeeze3
tiff	eq	3.9.4-5+squeeze4
tiff	eq	3.9.4-5+squeeze5