Source: tiff
Version: 4.0.9-1
Severity: important
Tags: patch security upstream


the following vulnerability was published for tiff.

| In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the
| TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage
| this vulnerability to cause a denial of service via a crafted tif file.
| This occurs because the declared number of directory entries is not
| validated against the actual number of directory entries.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed.


Secure-testing-team mailing list

Reply via email to