Debian Security Advisory 5567-1

Debian Linux Security Advisory 5567-1 - Multiple buffer overflows and memory leak issues have been found in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.

Packet Storm
#linux#debian#dos#buffer_overflow
-------------------------------------------------------------------------
Debian Security Advisory DSA-5567-1                   [email protected]
https://www.debian.org/security/                                  Aron Xu
November 27, 2023                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2023-3576 CVE-2023-40745 CVE-2023-41175
Debian Bug     :

Brief introduction

Multiple buffer overflows and memory leak issues have been found in tiff,
the Tag Image File Format (TIFF) library and tools, which may cause denial
of service when processing a crafted TIFF image.

For the oldstable distribution (bullseye), these problems have been fixed
in version 4.2.0-1+deb11u5.

For the stable distribution (bookworm), these problems have been fixed in
version 4.5.0-6+deb12u1.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Related news

Ubuntu Security Notice USN-6512-1

Ubuntu Security Notice 6512-1 - It was discovered that LibTIFF could be made to run into an infinite loop. If a user or an automated system were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. It was discovered that LibTIFF could be made to leak memory. If a user or an automated system were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service.

CVE-2023-40745: cve-details

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow.

CVE-2023-41175: cve-details

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow.
