Sauli Pahlman

**Name of the Vulnerable Software and Affected Versions** cups versions 1.1.17 through 1.1.22 cups-devel versions 1.1.17 through 1.1.22 cups-libs versions 1.1.17 through 1.1.22 kdegraphics versions 3.3.1 kdegraphics-devel versions 3.3.1 xpdf versions prior to 3.02pl5 poppler versions prior to 0.15.1 **Description** The issue is related to a vulnerability in the PDF parser, specifically the Gfx::getPos function, which allows context-dependent attackers to cause a denial of service or gain access to confidential data. The vulnerability can be exploited remotely, potentially leading to a disruption of confidentiality, integrity, and availability of protected information. **Recommendations** For cups versions 1.1.17 through 1.1.22, consider disabling the vulnerable function until a patch is available. For cups-devel versions 1.1.17 through 1.1.22, restrict access to the vulnerable module to minimize the risk of exploitation. For cups-libs versions 1.1.17 through 1.1.22, avoid using the vulnerable library until the issue is resolved. For kdegraphics versions 3.3.1, consider disabling the vulnerable component until a patch is available. For kdegraphics-devel versions 3.3.1, restrict access to the vulnerable module to minimize the risk of exploitation. For xpdf versions prior to 3.02pl5, update to version 3.02pl5 or later. For poppler versions prior to 0.15.1, update to version 0.15.1 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions 3.9.4 and earlier tiff versions prior to 4.0.2-r1 **Description** The issue arises from improper handling of an invalid `td stripbytecount` field in crafted TIFF files, leading to a denial of service through a NULL pointer dereference and application crash. Additionally, multiple vulnerabilities in the tiff package can compromise the confidentiality, integrity, and availability of protected information, with potential for remote exploitation. **Recommendations** For LibTIFF versions 3.9.4 and earlier, update to a version later than 3.9.4 to resolve the issue. For tiff versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later to address the vulnerabilities.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions prior to 4.0.2 **Description** The issue is related to multiple vulnerabilities in the tiff package, which can lead to breaches of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Specifically, the TIFFVStripSize function in tif strip.c makes incorrect calls to the TIFFGetField function, allowing remote attackers to cause a denial of service via a crafted TIFF image, possibly related to "downsampled OJPEG input" and a compiler optimization that triggers a divide-by-zero error. **Recommendations** For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the TIFFVStripSize function in tif strip.c until a patch is available. Avoid using the `TIFFGetField` function with untrusted input in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions prior to 3.9.3 tiff versions prior to 4.0.2-r1 **Description** The issue is related to an integer overflow in the TIFFroundup macro, which can be triggered by a crafted TIFF file, potentially leading to a denial of service or arbitrary code execution. Multiple vulnerabilities in the tiff package can compromise the confidentiality, integrity, and availability of protected information and can be exploited remotely. **Recommendations** For LibTIFF versions prior to 3.9.3, update to version 3.9.3 or later to resolve the issue. For tiff versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later to resolve the issue.