Debian Security Advisory

DSA-5333-1 tiff -- security update

Date Reported: 29 Jan 2023
Affected Packages: tiff
Vulnerable: Yes
Security database references:
In the Debian bugtracking system: Bug 1011160, Bug 1014494, Bug 1022555, Bug 1024737, Bug 1029653.
In Mitre's CVE dictionary: CVE-2022-1354, CVE-2022-1355, CVE-2022-1622, CVE-2022-1623, CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-2867, CVE-2022-2868, CVE-2022-2869, CVE-2022-2953, CVE-2022-3570, CVE-2022-3597, CVE-2022-3599, CVE-2022-3627, CVE-2022-34526, CVE-2022-48281.
More information:

Several buffer overflow, divide-by-zero or out-of-bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.

For the stable distribution (bullseye), these problems have been fixed in version 4.2.0-1+deb11u3.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff, please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tiff
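
To find bullseye hosts still running a tiff build older than the fixed version 4.2.0-1+deb11u3, the following added example (not part of the advisory) compares inventory rows against it using the ordering rules of deb-version(7). The inventory format is an assumption: a hostname followed by the output of `dpkg-query -W -f='${Package} ${source:Package} ${source:Version}\n'`; the hostnames and rows are constructed sample data.

```python
import re

SOURCE_PKG = "tiff"        # "Affected Packages" in the advisory
FIXED = "4.2.0-1+deb11u3"  # fixed version for bullseye, per the advisory

def _sign(x, y):
    return (x > y) - (x < y)

def _order(c):
    # dpkg ordering: '~' sorts first, then end/digit (0), letters, everything else
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, as in deb-version(7)
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        oa = [_order(c) for c in na] + [0] * len(nb)  # pad: end of string ranks 0
        ob = [_order(c) for c in nb] + [0] * len(na)
        if oa != ob:
            return _sign(oa, ob)
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return _sign(int(da or 0), int(db or 0))
    return 0

def deb_cmp(a, b):
    # Epoch is before the first ':', Debian revision after the last '-'
    keys = []
    for v in (a, b):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        keys.append((int(epoch), upstream, rev))
    (ea, ua, ra), (eb, ub, rb) = keys
    return _sign(ea, eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    """Rows (host, package, version) built from source tiff and older than FIXED."""
    rows = [line.split() for line in inventory.splitlines()]
    return [(h, p, v) for h, p, s, v in (r for r in rows if len(r) == 4)
            if s == SOURCE_PKG and deb_cmp(v, FIXED) < 0]

# Constructed sample rows: hostname package source-package source-version
SAMPLE = """
web01 libtiff5 tiff 4.2.0-1+deb11u1
web02 libtiff5 tiff 4.2.0-1+deb11u3
db01 libtiff-tools tiff 4.2.0-1
db01 libpng16-16 libpng1.6 1.6.37-3
"""
```

`unpatched(SAMPLE)` returns the web01 and db01 tiff rows. The comparison is only meaningful for bullseye hosts, since 4.2.0-1+deb11u3 is the fixed version for that release.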