Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2023-2236

Related Vulnerabilities: CVE-2023-0795   CVE-2023-0796   CVE-2023-0797   CVE-2023-0798   CVE-2023-0799   CVE-2023-0803  

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0795) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0796) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0797) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0798) LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0799) LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. (CVE-2023-0803)

Source

ALAS2-2023-2236

Amazon Linux 2 Security Advisory: ALAS-2023-2236
Advisory Release Date: 2023-08-31 22:29 Pacific
Advisory Updated Date: 2023-09-07 18:49 Pacific
Severity: Medium
Issue Overview:

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0795)

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0796)

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0797)

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0798)

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0799)

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. (CVE-2023-0803)


Affected Packages:

libtiff


Issue Correction:
Run yum update libtiff to update your system.

New Packages:
aarch64:
    libtiff-4.0.3-35.amzn2.0.12.aarch64
    libtiff-devel-4.0.3-35.amzn2.0.12.aarch64
    libtiff-static-4.0.3-35.amzn2.0.12.aarch64
    libtiff-tools-4.0.3-35.amzn2.0.12.aarch64
    libtiff-debuginfo-4.0.3-35.amzn2.0.12.aarch64

i686:
    libtiff-4.0.3-35.amzn2.0.12.i686
    libtiff-devel-4.0.3-35.amzn2.0.12.i686
    libtiff-static-4.0.3-35.amzn2.0.12.i686
    libtiff-tools-4.0.3-35.amzn2.0.12.i686
    libtiff-debuginfo-4.0.3-35.amzn2.0.12.i686

src:
    libtiff-4.0.3-35.amzn2.0.12.src

x86_64:
    libtiff-4.0.3-35.amzn2.0.12.x86_64
    libtiff-devel-4.0.3-35.amzn2.0.12.x86_64
    libtiff-static-4.0.3-35.amzn2.0.12.x86_64
    libtiff-tools-4.0.3-35.amzn2.0.12.x86_64
    libtiff-debuginfo-4.0.3-35.amzn2.0.12.x86_64

Additional References

Red Hat: CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0803

Mitre: CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0803

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started