1.78.0
Notably, this release addresses:
USN-6644-2 USN-6644-2: LibTIFF vulnerabilities:
- CVE-2023-52356: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
- CVE-2023-6228: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
- CVE-2023-6277: An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
- CVE-2023-52356: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
- CVE-2023-6228: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.
- CVE-2023-6277: An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.
-ii libtiff-dev:amd64 4.3.0-6ubuntu0.7 amd64 Tag Image File Format library (TIFF), development files
-ii libtiff5:amd64 4.3.0-6ubuntu0.7 amd64 Tag Image File Format (TIFF) library
-ii libtiffxx5:amd64 4.3.0-6ubuntu0.7 amd64 Tag Image File Format (TIFF) library -- C++ interface
+ii libtiff-dev:amd64 4.3.0-6ubuntu0.8 amd64 Tag Image File Format library (TIFF), development files
+ii libtiff5:amd64 4.3.0-6ubuntu0.8 amd64 Tag Image File Format (TIFF) library
+ii libtiffxx5:amd64 4.3.0-6ubuntu0.8 amd64 Tag Image File Format (TIFF) library -- C++ interface