ELA-1298-1 tiff security update

NULL pointer dereference

2025-01-20
Package: tiff
Version: 4.0.3-12.3+deb8u18 (jessie), 4.0.8-2+deb9u13 (stretch), 4.1.0+git191117-2~deb10u10 (buster)
Related CVEs: CVE-2024-7006


A NULL pointer dereference in TIFFReadDirectory()/TIFFReadCustomDirectory() has been fixed in tiff, a library and tools providing support for the Tag Image File Format (TIFF).

Additionally, issues with the earlier fixes for CVE-2023-52356 and CVE-2023-25433 have been resolved.



For Debian 10 buster, these problems have been fixed in version 4.1.0+git191117-2~deb10u10.

For Debian 8 jessie, these problems have been fixed in version 4.0.3-12.3+deb8u18.

For Debian 9 stretch, these problems have been fixed in version 4.0.8-2+deb9u13.

We recommend that you upgrade your tiff packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.