Errata overview
Errata ID 539
Date 2018-11-01
Source package tiff
Fixed in version 4.0.3-12.3+deb8u7
This update addresses the following issues:
* Integer overflow in multiply_ms in tools/ppm2tiff.c (CVE-2018-17100)
* Two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c
* LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a
  buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode
  out-of-bounds write. (CVE-2018-18557)
Additional notes
CVE ID CVE-2018-17100
UCS Bug number #48070