ELA-806-1 tiff security update

denial of service

2023-02-22
Packagetiff
Version4.0.3-12.3+deb8u15 (jessie), 4.0.8-2+deb9u10 (stretch)
Related CVEs CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802 CVE-2023-0803 CVE-2023-0804


Several flaws were found in tiffcrop, a program distributed by tiff, a library and tools providing support for the Tag Image File Format (TIFF). A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.



For Debian 8 jessie, these problems have been fixed in version 4.0.3-12.3+deb8u15.

For Debian 9 stretch, these problems have been fixed in version 4.0.8-2+deb9u10.

We recommend that you upgrade your tiff packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.