Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-26965: tiffcrop: Do not reuse input buffer for subsequent images. Fix issue 527 (!472) · Merge requests · libtiff / libtiff · GitLab

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

CVE
#git

Skip to content

GitLab

    • GitLab: the DevOps platform
    • Explore GitLab
    • Install GitLab
    • How GitLab compares
    • Get started
    • GitLab docs
    • GitLab Learn
  • Pricing

  • Talk to an expert

  • /

  • Help

    • Help

    • Support

    • Community forum

    • Submit feedback

    • Contribute to GitLab

    • Switch to GitLab Next

    Projects Groups Topics Snippets

  • Register

  • Sign in

  • libtiff

  • libtiff

  • Merge requests

  • !472

tiffcrop: Do not reuse input buffer for subsequent images. Fix issue 527

  • Review changes
  • Download

  • Patches

  • Plain diff

Merged Su Laus requested to merge Su_Laus/libtiff:tiffcrop_dont_reuse_input_buffer_fix_527 into master Feb 14, 2023

  • Overview 1
  • Commits 1
  • Pipelines 1
  • Changes 1

tiffcrop: Do not reuse input buffer for subsequent images. Fix issue 527

Reuse of read_buff within loadImage() from previous image is quite unsafe, because other functions (like rotateImage() etc.) reallocate that buffer with different size without updating the local prev_readsize value.

Closes #527 (closed)

Related news

Ubuntu Security Notice USN-6290-1

Ubuntu Security Notice 6290-1 - It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.

Ubuntu Security Notice USN-6229-1

Ubuntu Security Notice 6229-1 - It was discovered that LibTIFF was not properly handling variables used to perform memory management operations when processing an image through tiffcrop, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that LibTIFF was not properly processing numerical values when dealing with little-endian input data, which could lead to the execution of an invalid operation. An attacker could possibly use this issue to cause a denial of service

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907