user/tiff: multiple vulnerabilities
Bugzilla ID | 186 |
Alias(es) | CVE-2019-14973, CVE-2019-17546 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-08-23 09:29:17 -0500 |
Modified | 2020-02-24 23:51:14 -0600 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-14973 |
Description
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through
4.0.10 mishandle Integer Overflow checks because they rely on compiler
behavior that is undefined by the applicable C standards. This can,
for example, lead to an application crash.