| Package | tiff |
|---|---|
| Version | 4.0.3-12.3+deb8u17 (jessie), 4.0.8-2+deb9u12 (stretch) |
| Related CVEs | CVE-2023-3576 CVE-2023-52356 |
Two issues have been found in tiff, a Tag Image File Format (TIFF) library with tools. Using crafted TIFF files an attacker would be able to cause a segmentation fault or a memory leak, which may result in an application crash and denial of service.
For Debian 8 jessie, these problems have been fixed in version 4.0.3-12.3+deb8u17.
For Debian 9 stretch, these problems have been fixed in version 4.0.8-2+deb9u12.
We recommend that you upgrade your tiff packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.