ALSA-2023:5353
- Source
- https://errata.almalinux.org/8/ALSA-2023-5353.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:5353.json
- Related
- Published
- 2023-09-26T00:00:00Z
- Modified
- 2023-09-27T09:26:35Z
- Details
-
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
- libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0800)
- libtiff: out-of-bounds write in TIFFmemcpy() in libtiff/tifunix.c when called by functions in tools/tiffcrop.c (CVE-2023-0801)
- libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c (CVE-2023-0802)
- libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (CVE-2023-0803)
- libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c (CVE-2023-0804)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2023:5353
- https://access.redhat.com/security/cve/CVE-2023-0800
- https://access.redhat.com/security/cve/CVE-2023-0801
- https://access.redhat.com/security/cve/CVE-2023-0802
- https://access.redhat.com/security/cve/CVE-2023-0803
- https://access.redhat.com/security/cve/CVE-2023-0804
- https://bugzilla.redhat.com/2170167
- https://bugzilla.redhat.com/2170172
- https://bugzilla.redhat.com/2170178
- https://bugzilla.redhat.com/2170187
- https://bugzilla.redhat.com/2170192
- https://errata.almalinux.org/8/ALSA-2023-5353.html
Affected packages
AlmaLinux:8 / libtiff
Package
- Name
- libtiff
AlmaLinux:8 / libtiff-devel
Package
- Name
- libtiff-devel