ELA-100-1 tiff3 security update

mishandling of reading of TIFF files

Related CVEs CVE-2018-5360

A vulnerability has been discovered in tiff3, an older implementation of the libtiff library providing support for the Tag Image File Format (TIFF), a widely used format for storing image data. Mishandling the reading of TIFF files has been demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick.

For Debian 7 Wheezy, these problems have been fixed in version 3.9.6-11+deb7u14.

We recommend that you upgrade your tiff3 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/