AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2020.04.01 18:25 "[Tiff] Question about security vulnerabilities in tiff 4.0.10", by Nalini Vishnoi
2020.04.02 09:00 "Re: [Tiff] Question about security vulnerabilities in tiff 4.0.10", by Thomas Bernard
2020.04.02 09:46 "Re: [Tiff] Question about security vulnerabilities in tiff 4.0.10", by Nalini Vishnoi

2020.04.01 18:25 "[Tiff] Question about security vulnerabilities in tiff 4.0.10", by Nalini Vishnoi

Hello Tiff team,

I am using tiff version 4.0.10 and I recently came across the following security vulnerabilities in this version:

https://nvd.nist.gov/vuln/detail/CVE-2019-6128
https://nvd.nist.gov/vuln/detail/CVE-2019-14973
https://nvd.nist.gov/vuln/detail/CVE-2019-17546
https://nvd.nist.gov/vuln/detail/CVE-2019-7663

I wanted to check if these are fixed in the latest tiff library (4.1.0). I can see at least one of them (https://nvd.nist.gov/vuln/detail/CVE-2019-17546) excludes 4.1.0.

Can you please verify if all of these vulnerabilities are fixed in 4.1.0? If not, are there plans to provide patches to fix them in the older versions?

Thanks and regards,

Nalini