-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 13 Mar 2022 15:57:56 +0100 Source: tiff Binary: libtiff-doc Architecture: all Version: 4.2.0-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Laszlo Boszormenyi (GCS) Description: libtiff-doc - TIFF manipulation and conversion documentation Changes: tiff (4.2.0-1+deb11u1) bullseye-security; urgency=high . [ Thorsten Alteholz ] * CVE-2022-22844 out-of-bounds read in _TIFFmemcpy in certain situations involving a custom tag and 0x0200 as the second word of the DE field. * CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory(). This could result in a Denial of Service via crafted TIFF files. * CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing(). This could result in a Denial of Service via crafted TIFF files. . [ Laszlo Boszormenyi (GCS) ] * Backport security fix for CVE-2022-0865, crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed. * Backport security fix for CVE-2022-0908, null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag(). * Backport security fix for CVE-2022-0907, unchecked return value to null pointer dereference in tiffcrop. * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop. * Backport security fix for CVE-2022-0891, heap buffer overflow in ExtractImageSection function in tiffcrop. * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. Checksums-Sha1: 28984ec3922db293b844d8b8979c706d8f092fc3 436708 libtiff-doc_4.2.0-1+deb11u1_all.deb 6e5d972918b09491a9b44fe0593c69813835b952 8294 tiff_4.2.0-1+deb11u1_all-buildd.buildinfo Checksums-Sha256: 02a36c6e87203644119e6890a02957be07c4915477457cc7f8f3702ae284776f 436708 libtiff-doc_4.2.0-1+deb11u1_all.deb f87a43ba0312f7fcc9db2825f3fca8273a1b968f474ae3d0e4a7990580c7c223 8294 tiff_4.2.0-1+deb11u1_all-buildd.buildinfo Files: cc6c1ed44845f7a2f23f431820c6e9a1 436708 doc optional libtiff-doc_4.2.0-1+deb11u1_all.deb 0dee1f9e26862fb1c8ca08cf58f5c988 8294 libs optional tiff_4.2.0-1+deb11u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEqQcRQHTGP4qt3opGks26TWZ8cfMFAmI7XUoACgkQks26TWZ8 cfNkgBAAqhhWwOEmOxslCf5m8T7AsnSKAulpoCJFVQZg1xfrfdx0MLr4gWmrmMaf X97pgy/kB5zLUPLZInofaEHpHLpauLcqralZbUw239UZXXTbM6cDK1fW/1pjoRxT WDde1Ph0YaWzM+LgwVLzPnLY9UN0LOzjUF3N/15jL+T7y86N0VDFQaNlHBHd7VYv B8o8X77SZIs5BgQpRHRepBO9ORHbqdlFBUTe41oQlW3mAUZEg5Ua+a0YOzrEgjfs iogafjO4u5DZ5sfexW++NdL6ED/1dRAJj568khM48COo65+eAYp0AFEic618M7F9 3Q+8zBVywK4SWWfPKrGPc1dJ7eo5NKcSYTdCrzPti1QCP0rubQDZIp95ACpyqC3Q 21/aE0DwFL7KvWXzHq0BVd3V3sjlIEfcrf16KYG+k9Nq48P0Yr7+qrmFrIEQIqYx jrExo/+NpilY9grTMj1p/tZIgJdv/dRMPwPk5d8cE9sgBY54NnYkvR6EwHt5n5N0 cj9+mysPLp/1Zt64AH+uqj7EhlbmXfAz3j4e54SKwC6YugImMXTA+QydhGd5xmxE EytwxStEQsg3Bb2yyiK02h9HiS3oClnpe2wK1Y8ud7ihI/s+qtqPw6oy9RBux31P XfLdNbi9zHQl6cX8DLr3O0KL94X2u0Z9+9glW59t/tTiLUO7u7g= =2ZTj -----END PGP SIGNATURE-----