CVE-2016-9540 in Ubuntu

CVE-2016-9540

Priority

Description

tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images
with odd tile width versus image width. Reported as MSVR 35103, aka
"cpStripToTile heap-buffer-overflow."

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9540
https://usn.ubuntu.com/usn/usn-3212-1

Notes

mdeslaur

this will not be fixed in precise/esm

Package

Source: tiff (LP Ubuntu Debian)

Upstream:	released (4.0.7-1)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored
Ubuntu 14.04 ESM (Trusty Tahr):	released (4.0.3-7ubuntu0.6)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.0.6-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.0.7-1)

Patches:

Upstream:

https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2019-12-05 18:46:45 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)