This update for tiff fixes the following security issues:
These security issues were fixed:
CVE-2017-18013: Fixed a NULL pointer dereference in the
tif_print.cTIFFPrintDirectory function that could have lead to denial of
service (bsc#1074317).
CVE-2018-10963: Fixed an assertion failure in the TIFFWriteDirectorySec()
function in tif_dirwrite.c, which allowed remote attackers to cause a denial
of service via a crafted file (bsc#1092949).
CVE-2018-7456: Prevent a NULL Pointer dereference in the function
TIFFPrintDirectory when using the tiffinfo tool to print crafted TIFF
information, a different vulnerability than CVE-2017-18013 (bsc#1082825).
CVE-2017-11613: Prevent denial of service in the TIFFOpen function. During
the TIFFOpen process, tdimagelength is not checked. The value of
tdimagelength can be directly controlled by an input file. In the
ChopUpSingleUncompressedStrip function, the TIFFCheckMalloc function is called
based on tdimagelength. If the value of td_imagelength is set close to the
amount of system memory, it will hang the system or trigger the OOM killer
(bsc#1082332).
CVE-2018-8905: Prevent heap-based buffer overflow in the function
LZWDecodeCompat via a crafted TIFF file (bsc#1086408).