MGASA-2023-0080

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2023-0080.html

Import Source

https://advisories.mageia.org/MGASA-2023-0080.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2023-0080

Related

Published

2023-03-01T21:14:31Z

Modified

2023-03-01T20:10:28Z

Summary

Updated libtiff packages fix security vulnerability

Details

Out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0795)

Out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0796)

Out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0797)

Out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0798)

Out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file (CVE-2023-0799)

Out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0800)

Out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0801)

Out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0802)

Out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0803)

Out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0804)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / libtiff

Package

Name: libtiff
Purl: pkg:rpm/mageia/libtiff?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.0-1.14.mga8

Ecosystem specific

{
    "section": "core"
}