ELA-16-1 tiff security update

DoS vulnerability

2018-07-18
Packagetiff
Version4.0.2-6+deb7u22
Related CVEs CVE-2018-10963


The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.



For Debian 7 Wheezy, these problems have been fixed in version 4.0.2-6+deb7u22.

We recommend that you upgrade your tiff packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.