Bugzilla – Bug 1156754
VUL-1: CVE-2015-8683: tiff: Out-of-bounds when reading CIE Lab image format files
Last modified: 2022-02-18 14:21:45 UTC
CVE-2015-8683

An out-of-bounds read flaw was found in the way libtiff processed CIE Lab image format files. An attacker could create a specially crafted CIE Lab image format file which could cause libtiff to crash.

Reference:
http://seclists.org/oss-sec/2015/q4/583

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1294427
http://www.openwall.com/lists/oss-security/2015/12/25/1
http://seclists.org/oss-sec/2015/q4/584
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809021
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8683.html
https://access.redhat.com/security/cve/CVE-2015-8683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8683
http://www.securityfocus.com/bid/79718
Upstream commit: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
submitted
SUSE-SU-2022:14888-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 1156749,1156754,1182808,1182809,1182811,1182812
CVE References: CVE-2015-8665,CVE-2015-8683,CVE-2020-35521,CVE-2020-35522,CVE-2020-35523,CVE-2020-35524
JIRA References:
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src): tiff-3.8.2-141.169.34.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src): tiff-3.8.2-141.169.34.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): tiff-3.8.2-141.169.34.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): tiff-3.8.2-141.169.34.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.