Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2023-1830

Related Vulnerabilities: CVE-2023-0795   CVE-2023-0796   CVE-2023-0797   CVE-2023-0798  

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0795) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0796) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0797) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0798)

Source

ALAS-2023-1830

Amazon Linux AMI Security Advisory: ALAS-2023-1830
Advisory Release Date: 2023-09-13 23:15 Pacific
Advisory Updated Date: 2023-09-25 20:12 Pacific
Severity: Medium
Issue Overview:

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0795)

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0796)

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0797)

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0798)


Affected Packages:

libtiff


Issue Correction:
Run yum update libtiff to update your system.

New Packages:
i686:
    libtiff-static-4.0.3-35.45.amzn1.i686
    libtiff-devel-4.0.3-35.45.amzn1.i686
    libtiff-debuginfo-4.0.3-35.45.amzn1.i686
    libtiff-4.0.3-35.45.amzn1.i686

src:
    libtiff-4.0.3-35.45.amzn1.src

x86_64:
    libtiff-devel-4.0.3-35.45.amzn1.x86_64
    libtiff-4.0.3-35.45.amzn1.x86_64
    libtiff-static-4.0.3-35.45.amzn1.x86_64
    libtiff-debuginfo-4.0.3-35.45.amzn1.x86_64

Additional References

Red Hat: CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798

Mitre: CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started