libtiff-4.0.3-35.el7
エラータID: AXSA:2020-553:02
Image File Format (TIFF) files.
Security Fix(es):
* libtiff: integer overflow in _TIFFCheckMalloc and _TIFFCheckRealloc in
tif_aux.c (CVE-2019-14973)
* libtiff: integer overflow leading to heap-based buffer overflow in
tif_getimage.c (CVE-2019-17546)
CVE-2019-14973
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10
mishandle Integer Overflow checks because they rely on compiler behavior that is
undefined by the applicable C standards. This can, for example, lead to an
application crash.
CVE-2019-17546
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and
other products, has an integer overflow that potentially causes a heap-based
buffer overflow via a crafted RGBA image, related to a "Negative-size-param"
condition.
Update packages.
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
N/A
SRPMS
- libtiff-4.0.3-35.el7.src.rpm
MD5: 811c520de4c972e0f7fa75d7be6e7901
SHA-256: 1d30b3cd6bdb8771fff4d599fa76a3170b147d35f10c194063025072c6a95b09
Size: 2.03 MB
Asianux Server 7 for x86_64
- libtiff-4.0.3-35.el7.x86_64.rpm
MD5: 57c0553ab023ce3e5446c06f778f6be3
SHA-256: 25344a6dfb4d97a45bc0a9d9c9b4b209dde8f417af24423992a8928e70ab261b
Size: 171.15 kB - libtiff-devel-4.0.3-35.el7.x86_64.rpm
MD5: 4d67238688aa20e79c62428d2f98db5d
SHA-256: cd09d91e9243d589fb8f27ccdac37f36c022a5f300916accffa5b544e6a2f937
Size: 473.02 kB - libtiff-4.0.3-35.el7.i686.rpm
MD5: ece7e625295f17c5ddcd3468d59b2bd6
SHA-256: 9976b5f0ad69c2edda0632293c3d51db6b3d84e3e0acc5f767d29a26e8785b30
Size: 173.91 kB - libtiff-devel-4.0.3-35.el7.i686.rpm
MD5: ce8bde6aa8cbe0ffc4ed5859e7b8a73a
SHA-256: e514f2e0d1e321862be9464afa60be1259619928f139d7e135c9d80b1bb94966
Size: 473.05 kB