user/tiff: multiple vulnerabilities
| Bugzilla ID | 186 |
| Alias(es) | CVE-2019-14973, CVE-2019-17546 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-08-23 09:29:17 -0500 |
| Modified | 2020-02-24 23:51:14 -0600 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-14973 |
Description
_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through
4.0.10 mishandle Integer Overflow checks because they rely on compiler
behavior that is undefined by the applicable C standards. This can,
for example, lead to an application crash.