libtiff-4.0.9-18.el8

Release date:

Saturday, December 19, 2020 - 13:24

Subject:

Affected Channels:

Asianux Server 8 for x86_64

Severity:

Moderate

Description:

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c (CVE-2019-17546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-17546
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

Solution:

Update packages.

CVEs:

CVE-2019-17546
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

Additional Info:

N/A

Download:

SRPMS

libtiff-4.0.9-18.el8.src.rpm
MD5: ee2e2c96f0464b85ae49278c630fecb6
SHA-256: d09a8362959c026f3a567cab7cbf5234482ef9e05cd07d94c23012521658a26f
Size: 2.24 MB

Asianux Server 8 for x86_64

libtiff-4.0.9-18.el8.x86_64.rpm
MD5: 7e7b658755268166b49dcc0bc91c04aa
SHA-256: 53725ef67e1629f92e73d1b144ef2de4a3060e4d22c872f583959c311d709e21
Size: 186.72 kB
libtiff-devel-4.0.9-18.el8.x86_64.rpm
MD5: b0ef83c0b215b20c8a492201fe75fbbc
SHA-256: 72e996a1110904384e920a2bf254764c80d47bffc509561df8275f257be075e2
Size: 509.91 kB
libtiff-4.0.9-18.el8.i686.rpm
MD5: 2e0b68bd5c2ce5f63b07f917d60511a4
SHA-256: 708d2a58e81ec8e3be37654951cd46a5eea209273089eee95aae1de8907fec2f
Size: 201.09 kB
libtiff-devel-4.0.9-18.el8.i686.rpm
MD5: c48de6d30e01fe74481d2301f14fdc8a
SHA-256: b8d26bcda4388505581c2282e2dc496aa0ac41f8a358610f4cac56ca1afd9249
Size: 509.92 kB

Main menu

You are here