Headline
Red Hat Security Advisory 2023-3711-01
Red Hat Security Advisory 2023-3711-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtiff security update
Advisory ID: RHSA-2023:3711-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3711
Issue date: 2023-06-21
CVE Names: CVE-2022-48281 CVE-2023-0795 CVE-2023-0796
CVE-2023-0797 CVE-2023-0798 CVE-2023-0799
CVE-2023-0800 CVE-2023-0801 CVE-2023-0802
CVE-2023-0803 CVE-2023-0804
=====================================================================
- Summary:
An update for libtiff is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64
- Description:
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.
Security Fix(es):
libtiff: heap-based buffer overflow in processCropSelections() in
tools/tiffcrop.c (CVE-2022-48281)libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in
tools/tiffcrop.c (CVE-2023-0795)libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in
tools/tiffcrop.c (CVE-2023-0796)libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when
called by functions in tools/tiffcrop.c (CVE-2023-0797)libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in
tools/tiffcrop.c (CVE-2023-0798)libtiff: use-after-free in extractContigSamplesShifted32bits() in
tools/tiffcrop.c (CVE-2023-0799)libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in
tools/tiffcrop.c (CVE-2023-0800)libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when
called by functions in tools/tiffcrop.c (CVE-2023-0801)libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in
tools/tiffcrop.c (CVE-2023-0802)libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in
tools/tiffcrop.c (CVE-2023-0803)libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in
tools/tiffcrop.c (CVE-2023-0804)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running applications linked against libtiff must be restarted for this
update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2163606 - CVE-2022-48281 libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c
2170119 - CVE-2023-0795 libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c
2170146 - CVE-2023-0796 libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c
2170151 - CVE-2023-0797 libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c
2170157 - CVE-2023-0798 libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c
2170162 - CVE-2023-0799 libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c
2170167 - CVE-2023-0800 libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c
2170172 - CVE-2023-0801 libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c
2170178 - CVE-2023-0802 libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c
2170187 - CVE-2023-0803 libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c
2170192 - CVE-2023-0804 libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source:
libtiff-4.4.0-8.el9_2.src.rpm
aarch64:
libtiff-4.4.0-8.el9_2.aarch64.rpm
libtiff-debuginfo-4.4.0-8.el9_2.aarch64.rpm
libtiff-debugsource-4.4.0-8.el9_2.aarch64.rpm
libtiff-devel-4.4.0-8.el9_2.aarch64.rpm
libtiff-tools-debuginfo-4.4.0-8.el9_2.aarch64.rpm
ppc64le:
libtiff-4.4.0-8.el9_2.ppc64le.rpm
libtiff-debuginfo-4.4.0-8.el9_2.ppc64le.rpm
libtiff-debugsource-4.4.0-8.el9_2.ppc64le.rpm
libtiff-devel-4.4.0-8.el9_2.ppc64le.rpm
libtiff-tools-debuginfo-4.4.0-8.el9_2.ppc64le.rpm
s390x:
libtiff-4.4.0-8.el9_2.s390x.rpm
libtiff-debuginfo-4.4.0-8.el9_2.s390x.rpm
libtiff-debugsource-4.4.0-8.el9_2.s390x.rpm
libtiff-devel-4.4.0-8.el9_2.s390x.rpm
libtiff-tools-debuginfo-4.4.0-8.el9_2.s390x.rpm
x86_64:
libtiff-4.4.0-8.el9_2.i686.rpm
libtiff-4.4.0-8.el9_2.x86_64.rpm
libtiff-debuginfo-4.4.0-8.el9_2.i686.rpm
libtiff-debuginfo-4.4.0-8.el9_2.x86_64.rpm
libtiff-debugsource-4.4.0-8.el9_2.i686.rpm
libtiff-debugsource-4.4.0-8.el9_2.x86_64.rpm
libtiff-devel-4.4.0-8.el9_2.i686.rpm
libtiff-devel-4.4.0-8.el9_2.x86_64.rpm
libtiff-tools-debuginfo-4.4.0-8.el9_2.i686.rpm
libtiff-tools-debuginfo-4.4.0-8.el9_2.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 9):
aarch64:
libtiff-debuginfo-4.4.0-8.el9_2.aarch64.rpm
libtiff-debugsource-4.4.0-8.el9_2.aarch64.rpm
libtiff-tools-4.4.0-8.el9_2.aarch64.rpm
libtiff-tools-debuginfo-4.4.0-8.el9_2.aarch64.rpm
ppc64le:
libtiff-debuginfo-4.4.0-8.el9_2.ppc64le.rpm
libtiff-debugsource-4.4.0-8.el9_2.ppc64le.rpm
libtiff-tools-4.4.0-8.el9_2.ppc64le.rpm
libtiff-tools-debuginfo-4.4.0-8.el9_2.ppc64le.rpm
s390x:
libtiff-debuginfo-4.4.0-8.el9_2.s390x.rpm
libtiff-debugsource-4.4.0-8.el9_2.s390x.rpm
libtiff-tools-4.4.0-8.el9_2.s390x.rpm
libtiff-tools-debuginfo-4.4.0-8.el9_2.s390x.rpm
x86_64:
libtiff-debuginfo-4.4.0-8.el9_2.x86_64.rpm
libtiff-debugsource-4.4.0-8.el9_2.x86_64.rpm
libtiff-tools-4.4.0-8.el9_2.x86_64.rpm
libtiff-tools-debuginfo-4.4.0-8.el9_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-48281
https://access.redhat.com/security/cve/CVE-2023-0795
https://access.redhat.com/security/cve/CVE-2023-0796
https://access.redhat.com/security/cve/CVE-2023-0797
https://access.redhat.com/security/cve/CVE-2023-0798
https://access.redhat.com/security/cve/CVE-2023-0799
https://access.redhat.com/security/cve/CVE-2023-0800
https://access.redhat.com/security/cve/CVE-2023-0801
https://access.redhat.com/security/cve/CVE-2023-0802
https://access.redhat.com/security/cve/CVE-2023-0803
https://access.redhat.com/security/cve/CVE-2023-0804
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZJNw3tzjgjWX9erEAQj0oxAAhzSddta1naIRPjnMycqfY1HI+YaJYdAy
CpH+rSz6Ff+QjgqByMU8t9QaoYmjRsatR7DhIU5CKt0+8bGUFTBQdTqDUJnYL4F9
w2YMdm5Xl9rh9QrxUB3G2P8BnJyOIvKTiRBRYfpw9XpV0iDq+g3cjkF+YuCRyqeU
e0ShOUOYJx7J0xB3WPFFIj76QlmvS58143VC4I6M8NMjUsBpqcTecIzd3iDMOXNO
c/tYqcfZuP/8pSPM4aqx/hYinNH8YD5LJ6cyZo43Wj+foXWJASzRbBTJEzJQyVlZ
vQ/b+uFapC/ueXkI+zPh+53kfZc3zHUCQGMqroHvX3r/f0UaBAa+Un3ehKQMuK40
3iH81CnAIfp2aBQGewI0SOoxFbHeYdhH2bVQn6PSsZZ8IjQz/uEBj00SluEoauVP
WAESoq/dhgT81mxJdU+5tChWzV2gZdOqPSCVo9fYFyR5B0lcmuaDlGgmX+ppCrXn
Kq2CQS6A7t55T9D8dV2R/PzG22b5va461+o5glGkmCCHwn8E5At0Rzp3k2W22YoA
Pq0dQq6TUE0RHXI2zCkE7BKs4OepPTnGH0EiuJRGPdhDOq9qQjfe78/MQyN389sz
GjmnSbMuXMH6XIVhC8+lH9EWNTHLf04SSi5wgIyPuB8k0hD+CowzyH7A95Y4Ndl8
1bWeHjx+RSM=
=n7mF
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
Red Hat Security Advisory 2023-5447-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.
Red Hat Security Advisory 2023-5353-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-5314-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.
OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21698: A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability. * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream cou...
The Migration Toolkit for Containers (MTC) 1.7.12 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24532: A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.
Ubuntu Security Notice 6290-1 - It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain image files. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.
Red Hat Security Advisory 2023-4289-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.
Red Hat Security Advisory 2023-4286-01 - Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
OpenShift API for Data Protection (OADP) 1.0.11 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24540: A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
An update is now available for Red Hat OpenShift Logging Subsystem 5.7.3 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service. * CVE-2023-26136: A flaw was found in the tough-cookie package. Affec...
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Ubuntu Security Notice 5923-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5923-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5923-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5923-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5923-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5923-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5923-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5923-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5923-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5923-1 - It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.
Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.
Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.
Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.
Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.
Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.
Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.
Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.
Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.
Debian Linux Security Advisory 5361-1 - Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
Ubuntu Security Notice 5841-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue was only fixed in Ubuntu 14.04 ESM. It was discovered that LibTIFF was incorrectly accessing a data structure when processing data with the tiffcrop tool, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.