{"id":"MGASA-2018-0426","summary":"Updated libtiff packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\nAn issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in\nmultiply_ms in tools/ppm2tiff.c, which can cause a denial of service\n(crash) or possibly have unspecified other impact via a crafted image\nfile (CVE-2018-17100).\n\nAn issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds\nwrites in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause\na denial of service (application crash) or possibly have unspecified other\nimpact via a crafted image file (CVE-2018-17101).\n","modified":"2026-04-16T06:22:32.305981646Z","published":"2018-10-30T18:01:43Z","upstream":["CVE-2018-17100","CVE-2018-17101"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0426.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23753"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-10/msg00149.html"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-10/msg00150.html"}],"affected":[{"package":{"name":"libtiff","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libtiff?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.9-1.7.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0426.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}