GLSA 200908-03 (Normal): tiff

86

Two vulnerabilities have been reported in libTIFF:

  • wololo reported a buffer underflow in the LZWDecodeCompat() function (CVE-2009-2285).
  • Tielei Wang of ICST-ERCIS, Peking University reported two integer overflows leading to heap-based buffer overflows in the tiff2rgba and rgb2ycbcr tools (CVE-2009-2347).