1 |
type: security |
2 |
subject: Updated libtiff packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2019-7663 |
5 |
src: |
6 |
6: |
7 |
core: |
8 |
- libtiff-4.0.10-1.git20190219.1.mga6 |
9 |
description: | |
10 |
An Invalid Address dereference was discovered in |
11 |
TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF |
12 |
4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. |
13 |
Remote attackers could leverage this vulnerability to cause a |
14 |
denial-of-service via a crafted tiff file. This is different from |
15 |
CVE-2018-12900. (CVE-2019-7663) |
16 |
|
17 |
The invertImage() function in tiffcrop.c:9206 allows remote attackers to |
18 |
cause a denial of service (heap buffer overflow) via invert color space. |
19 |
references: |
20 |
- https://bugs.mageia.org/show_bug.cgi?id=24393 |
21 |
- http://bugzilla.maptools.org/show_bug.cgi?id=2831 |
22 |
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QLLVSXFUKP2QSOFI6RRTYD737HBS7UGT/ |
23 |
ID: MGASA-2019-0101 |