CVE-2024-6716

Published: 15 July 2024

A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted tiff file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service.

Notes

| Author | Note |
|---|---|
| Priority reason: | Only a resource consumption DoS via API misuse |
| sbeattie | texmaker added an embedded copy of libtiff in bionic |
| mdeslaur | Per the tiff developers, this API can't perform restrictions on imagewidth and imagelength, as high values are also valid. Application developers should be using the TIFFOpenOptionsSetMaxSingleMemAlloc() API. The upstream bug is likely to get closed, and this CVE rejected. Marking as deferred for now. |

Priority

Low

Status

| Package | Release | Status |
|---|---|---|
| gdal | bionic | Not vulnerable (uses system tiff) |
| gdal | focal | Not vulnerable (uses system tiff) |
| gdal | jammy | Not vulnerable (uses system tiff) |
| gdal | noble | Not vulnerable (uses system tiff) |
| gdal | trusty | Needs triage |
| gdal | upstream | Needs triage |
| gdal | xenial | Needs triage |
| neuron | bionic | Needs triage |
| neuron | focal | Needs triage |
| neuron | jammy | Needs triage |
| neuron | noble | Not vulnerable (dropped embedded libtiff) |
| neuron | upstream | Needs triage |
| qtwebengine-opensource-src | bionic | Needs triage |
| qtwebengine-opensource-src | focal | Needs triage |
| qtwebengine-opensource-src | jammy | Needs triage |
| qtwebengine-opensource-src | noble | Needs triage |
| qtwebengine-opensource-src | upstream | Needs triage |
| texmaker | bionic | Needs triage |
| texmaker | focal | Needs triage |
| texmaker | jammy | Needs triage |
| texmaker | noble | Needs triage |
| texmaker | upstream | Needs triage |
| texmaker | xenial | Needs triage |
| tiff | bionic | Deferred (2024-07-15) |
| tiff | focal | Deferred (2024-07-15) |
| tiff | jammy | Deferred (2024-07-15) |
| tiff | noble | Deferred (2024-07-15) |
| tiff | trusty | Deferred (2024-07-15) |
| tiff | upstream | Needs triage |
| tiff | xenial | Deferred (2024-07-15) |