CVE-2018-19210 (https://nvd.nist.gov/vuln/detail/CVE-2018-19210): In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. CVE-2019-6128 (https://nvd.nist.gov/vuln/detail/CVE-2019-6128): The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
x86 stable
sparc stable
s390 stable
ppc64 stable
arm64 stable
ppc stable
amd64 stable
ia64 stable
alpha stable
hppa stable
arm stable
sh stable
m68k stable
@ maintainer(s): Please cleanup and drop <media-libs/tiff-4.1.0!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b07bec238b4b2e98288cf4880faad4b504366ee commit 2b07bec238b4b2e98288cf4880faad4b504366ee Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-01-29 21:43:33 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-01-29 21:44:32 +0000 media-libs/tiff: 4.0.10-r2 security cleanup If no one else will do it... Bug: https://bugs.gentoo.org/699868 Package-Manager: Portage-2.3.86, Repoman-2.3.20 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> media-libs/tiff/Manifest | 1 - ...-2018-17000-tif_dirwrite-null-dereference.patch | 33 -- ....0.10-CVE-2019-14973-fix-integer-overflow.patch | 395 --------------------- .../tiff-4.0.10-CVE-2019-6128-pal2rgb-leak.patch | 48 --- ....0.10-CVE-2019-7663-tiffcpIntegerOverflow.patch | 73 ---- media-libs/tiff/tiff-4.0.10-r2.ebuild | 86 ----- 6 files changed, 636 deletions(-)
New GLSA request filed.
This issue was resolved and addressed in GLSA 202003-25 at https://security.gentoo.org/glsa/202003-25 by GLSA coordinator Thomas Deutschmann (whissi).