tiff (4.3.0-6ubuntu0.11) jammy-security; urgency=medium
* SECURITY UPDATE: null-pointer dereference
- d/p/CVE-2025-8534.patch: tiff2ps: check return of TIFFGetFiled() to
fix
- CVE-2025-8534
* SECURITY UPDATE: use-after-free issue
- d/p/CVE-2025-8176.patch: fix heap use-after-free in tiffmedian
- CVE-2025-8176
* SECURITY UPDATE: stack-based buffer overflow
- d/p/CVE-2025-8851.patch: address tiffcrop buffer overflow issues
- CVE-2025-8851
-- Nishit Majithia <nishit.majithia@canonical.com> Wed, 20 Aug 2025 15:55:06 +0530
tiff (4.3.0-6ubuntu0.10) jammy-security; urgency=medium
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2024-7006.patch: adds check for the return value
of _TIFFCreateAnonField() to handle potential NULL pointers in
libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
- CVE-2024-7006
-- Ian Constantin <ian.constantin@canonical.com> Thu, 05 Sep 2024 16:59:39 +0300
tiff (4.3.0-6ubuntu0.9) jammy-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in tiffcrop.c
- debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
- CVE-2023-3164
-- Bruce Cable <bruce.cable@canonical.com> Wed, 29 May 2024 12:08:52 +1000
tiff (4.3.0-6ubuntu0.8) jammy-security; urgency=medium
* SECURITY UPDATE: heap based buffer overflow
- debian/patches/CVE-2023-6228.patch: add check for codec configuration
in tools/tiffcp.c.
- CVE-2023-6228
* SECURITY UPDATE: memory exhaustion
- debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
memory being greater than filesize in libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-2.patch: add an extra check for above
condition, to only do it for a defined large request in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
it for a defined large request in more methods in libtiff/tif_dirread.c.
- CVE-2023-6277
* SECURITY UPDATE: segmentation fault
- debian/patches/CVE-2023-52356.patch: add row and column check based
on image sizes in libtiff/tif_getimage.c.
- CVE-2023-52356
-- Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com> Fri, 09 Feb 2024 18:02:38 -0300
tiff (4.3.0-6ubuntu0.7) jammy-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2022-40090.patch: Improved IFD-Loop Handling.
- CVE-2022-40090
* SECURITY UPDATE: memory leak
- debian/patches/CVE-2023-3576.patch: Fix memory leak in tiffcrop.c.
- CVE-2023-3576
-- Fabian Toepfer <fabian.toepfer@canonical.com> Thu, 23 Nov 2023 14:39:56 +0100
tiff (4.3.0-6ubuntu0.6) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bound read
- debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
function extractImageSection
- CVE-2023-1916
-- Nishit Majithia <nishit.majithia@canonical.com> Tue, 10 Oct 2023 15:57:39 +0530
tiff (4.3.0-6ubuntu0.5) jammy-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-48281.patch: correct simple copy paste error in
tiffcrop.c.
- CVE-2022-48281
* SECURITY UPDATE: NULL pointer dereference
- d/p/0001-countInkNamesString-fix-UndefinedBehaviorSanitizer-a.patch: Fix
undefined behavior in tif_dir.c.
- CVE-2023-2908
* SECURITY UPDATE: NULL pointer dereference
- d/p/0002-TIFFClose-avoid-NULL-pointer-dereferencing.-fix-515.patch: avoid
NULL pointer dereferencing in tif_close.c.
- CVE-2023-3316
* SECURITY UPDATE: buffer overflow
- d/p/0003-Consider-error-return-of-writeSelections.patch: Consider error
return of writeSelections() in tiffcrop.c.
- CVE-2023-3618
* SECURITY UPDATE: heap-based buffer overflow
- d/p/0004-tiffcrop-correctly-update-buffersize-after-rotateIma.patch:
correctly update buffersize after rotateImage() and enlarge buffsize and
check integer overflow within rotateImage() in tiffcrop.c.
- CVE-2023-25433
* SECURITY UPDATE: Use after free
- d/p/0005-tiffcrop-Do-not-reuse-input-buffer-for-subsequent-im.patch: Do
not reuse input buffer for subsequent images in tiffcrop.c.
- CVE-2023-26965
* SECURITY UPDATE: buffer overflow
- d/p/0006-tif_luv-Check-and-correct-for-NaN-data-in-uv_encode.patch: Check
and correct for NaN data in uv_encode() in tif_luv.c.
- CVE-2023-26966
* SECURITY UPDATE: Integer overflow
- d/p/0007-tiffcp-fix-memory-corruption-overflow-on-hostile-ima.patch: fix
memory corruption (overflow) in tiffcp.c.
- CVE-2023-38288
* SECURITY UPDATE: Integer overflow
- d/p/0008-raw2tiff-fix-integer-overflow-and-bypass-of-the-chec.patch: fix
integer overflow and bypass of the check in raw2tiff.c.
- CVE-2023-38289
-- Fabian Toepfer <fabian.toepfer@canonical.com> Mon, 07 Aug 2023 17:56:53 +0200
tiff (4.3.0-6ubuntu0.4) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bounds reads
- debian/patches/CVE-2023-0795.patch: Amend rotateImage() not to toggle the
input image width and length parameters when only cropped image sections
are rotated in tiffcrop.c.
- CVE-2023-0795
- CVE-2023-0796
- CVE-2023-0797
- CVE-2023-0798
- CVE-2023-0799
* SECURITY UPDATE: out-of-bounds writes
- debian/patches/CVE-2023-0800.patch: added check for assumption on
composite images in tiffcrop.c.
- CVE-2023-0800
- CVE-2023-0801
- CVE-2023-0802
- CVE-2023-0803
- CVE-2023-0804
-- Fabian Toepfer <fabian.toepfer@canonical.com> Fri, 03 Mar 2023 17:17:55 +0100
tiff (4.3.0-6ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: unsigned integer overflow
- debian/patches/CVE-2022-3970.patch: adds size_t type casts in the
TIFFReadRGBATile function in libtiff/tif_getimage.c.
- CVE-2022-3970
-- David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com> Thu, 01 Dec 2022 10:12:53 +0100
tiff (4.3.0-6ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bound read/write in tiffcrop
- debian/patches/CVE-2022-2867_2868_2869.patch: Fix heap-buffer-overflow by
correcting uint32_t underflow
- CVE-2022-2867
- CVE-2022-2868
- CVE-2022-2869
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
subroutines in tools/tiffcrop.c.
- CVE-2022-3570
- CVE-2022-3598
* SECURITY UPDATE: out-of-bound write in tiffcrop
- debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
and related TIFFTAG_NUMBEROFINKS value
- CVE-2022-3599
* SECURITY UPDATE: stack overflow in _TIFFVGetField
- debian/patches/CVE-2022-34526.patch: Add _TIFFCheckFieldIsValidForCodec()
return FALSE when passed a codec-specific tag and the codec is not
configured
- CVE-2022-34526
-- Nishit Majithia <nishit.majithia@canonical.com> Wed, 02 Nov 2022 13:55:08 +0530
# For older changelog entries, run 'apt-get changelog libtiff5'
Generated by dwww version 1.14 on Tue Aug 26 01:04:27 CEST 2025.