Debian Security Advisory

DLA-877-1 tiff -- LTS security update

Date Reported:
28 Mar 2017
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2016-10266, CVE-2016-10267, CVE-2016-10268, CVE-2016-10269.
More information:

libtiff is vulnerable to multiple buffer overflows and integer overflows that can lead to application crashes (denial of service) or worse.

  • CVE-2016-10266

    Integer overflow that can lead to divide-by-zero in TIFFReadEncodedStrip (tif_read.c).

  • CVE-2016-10267

    Divide-by-zero error in OJPEGDecodeRaw (tif_ojpeg.c). CVE-2016-10268

    Heap-based buffer overflow in TIFFReverseBits (tif_swab.c).

  • CVE-2016-10269

    Heap-based buffer overflow in _TIFFmemcpy (tif_unix.c).

For Debian 7 Wheezy, these problems have been fixed in version 4.0.2-6+deb7u11.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: