INFSA-2024:3059: LibTIFF security update
Information about definition
Identificator: INFSA-2024:3059
Type: security
Release date: 2024-08-23 18:39:58 UTC
Information about package
The LibTIFF packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Vulnerabilities description
- CVE-2022-4645
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2022-4645
|
no information | 5.6 | no information |
Updated packages