CVE-2019-14973

Published: 14 August 2019

_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: tiff (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (4.0.10+git190814-1)
Ubuntu 20.10 (Groovy Gorilla): Not vulnerable (4.0.10+git191003-1)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (4.0.10+git191003-1)
Ubuntu 18.04 LTS (Bionic Beaver): Released (4.0.9-5ubuntu0.3)
Ubuntu 16.04 LTS (Xenial Xerus): Released (4.0.6-1ubuntu0.7)
Ubuntu 14.04 ESM (Trusty Tahr): Needed

Patches:
Upstream: https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773
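
The class of bug in the description, an overflow check that itself depends on undefined behaviour, is shown here as an added illustration; it is not LibTIFF's code or the upstream patch. The type `ssize_demo_t` and all function names are hypothetical, and the first function is only ever called with operands that do not overflow.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: a signed 64-bit size type standing in for a library's own. */
typedef int64_t ssize_demo_t;
#define SSIZE_DEMO_MAX INT64_MAX

/* Check-after-multiply: the signed product is computed first and verified
 * afterwards. If it overflows, behaviour is undefined, so a compiler may
 * assume overflow never happens and optimise the verification away. */
static ssize_demo_t mul_check_after(ssize_demo_t n, ssize_demo_t size)
{
    ssize_demo_t bytes = n * size;            /* undefined on overflow */
    if (n != 0 && size != 0 && bytes / size == n)
        return bytes;
    return 0;
}

/* Check-before-multiply: every operation is defined for all inputs.
 * Returns 0 for non-positive operands or when the product would overflow. */
static ssize_demo_t mul_check_before(ssize_demo_t n, ssize_demo_t size)
{
    if (n <= 0 || size <= 0)
        return 0;
    if (n > SSIZE_DEMO_MAX / size)            /* division cannot overflow */
        return 0;
    return n * size;
}

/* Allocation wrapper that refuses any request whose size cannot be computed. */
static void *checked_alloc(ssize_demo_t n, ssize_demo_t size)
{
    ssize_demo_t bytes = mul_check_before(n, size);
    if (bytes == 0 || (uint64_t)bytes > SIZE_MAX)
        return NULL;
    return malloc((size_t)bytes);
}

int main(void)
{
    printf("after : 4 * 8 = %lld\n", (long long)mul_check_after(4, 8));
    printf("before: 4 * 8 = %lld\n", (long long)mul_check_before(4, 8));
    printf("before: MAX * 2 = %lld (rejected)\n",
           (long long)mul_check_before(SSIZE_DEMO_MAX, 2));
    printf("alloc MAX * 2 -> %p\n", checked_alloc(SSIZE_DEMO_MAX, 2));
    return 0;
}
```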