ELA-100-1 tiff3 security update

mishandling of reading of TIFF files

2019-03-28
Package: tiff3
Version: 3.9.6-11+deb7u14
Related CVEs: CVE-2018-5360


A vulnerability has been discovered in tiff3, an older implementation of the libtiff library providing support for the Tag Image File Format (TIFF), a widely used format for storing image data. Mishandling the reading of TIFF files has been demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick.



For Debian 7 Wheezy, these problems have been fixed in version 3.9.6-11+deb7u14.

We recommend that you upgrade your tiff3 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.