Format: 1.8
Date: Sun, 13 Mar 2022 15:57:56 +0100
Source: tiff
Architecture: source
Version: 4.2.0-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS)
Changed-By: Laszlo Boszormenyi (GCS)
Changes:
 tiff (4.2.0-1+deb11u1) bullseye-security; urgency=high
 .
   [ Thorsten Alteholz ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as
     an argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.
Checksums-Sha1:
 dec47816c3a7730a61bf7f54eea8e6c8e6327d1e 2461 tiff_4.2.0-1+deb11u1.dsc
 400ff865beb34499633dd1095fe438995e6da707 2809373 tiff_4.2.0.orig.tar.gz
 cf80f83c9995a2ca9d1df2deb883a499037ddc51 228 tiff_4.2.0.orig.tar.gz.asc
 d26f632646669b8de57dc97d7392ee040cce188a 25188 tiff_4.2.0-1+deb11u1.debian.tar.xz
Checksums-Sha256:
 09c0d66b0f710bab934727529fcc418217588ccd62b7ebcbe1a1057bea6507e4 2461 tiff_4.2.0-1+deb11u1.dsc
 eb0484e568ead8fa23b513e9b0041df7e327f4ee2d22db5a533929dfc19633cb 2809373 tiff_4.2.0.orig.tar.gz
 119bb62934603ff4d3cd81c739d11904b28812a860773b9b2268cc96a339b14f 228 tiff_4.2.0.orig.tar.gz.asc
 a0b8d4a231d97e0dbefde74fe5788d19429c4bcbfd32102a9d09fd6dc39273a0 25188 tiff_4.2.0-1+deb11u1.debian.tar.xz
Files:
 74a1f3f8b9553d400c4c3e41ebeea1b9 2461 libs optional tiff_4.2.0-1+deb11u1.dsc
 2bbf6db1ddc4a59c89d6986b368fc063 2809373 libs optional tiff_4.2.0.orig.tar.gz
 65a996e77123a6215470b7b08f6e41b0 228 libs optional tiff_4.2.0.orig.tar.gz.asc
 5294fce7bfaca0959a7606ce192d1acb 25188 libs optional tiff_4.2.0-1+deb11u1.debian.tar.xz