MGASA-2023-0080

Source
https://advisories.mageia.org/MGASA-2023-0080.html
Import Source
https://advisories.mageia.org/MGASA-2023-0080.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2023-0080
Published
2023-03-01T21:14:31Z
Modified
2023-03-01T20:10:28Z
Summary
Updated libtiff packages fix security vulnerability
Details

Out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0795)

Out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0796)

Out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0797)

Out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0798)

Out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0799)

Out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0800)

Out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0801)

Out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0802)

Out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0803)

Out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2023-0804)


Affected packages

Mageia:8 / libtiff

Package

Name
libtiff
Purl
pkg:rpm/mageia/libtiff?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.2.0-1.14.mga8

Ecosystem specific

{
    "section": "core"
}