INFSA-2024:5079: LibTIFF security update

Advisory information

Identifier: INFSA-2024:5079

Type: security

Release date: 2024-08-23 19:09:43 UTC

Package information

The LibTIFF packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Vulnerabilities description

  • CVE-2018-15209

    ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

  • CVE-2023-25433

    libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of the buffer size after rotateImage() in tiffcrop causes a heap-buffer-overflow and SEGV.

  • CVE-2023-52356

    A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

  • CVE-2023-6228

    An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file, on processing, may cause a heap-based buffer overflow, leading to an application crash.
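The root cause named for CVE-2023-25433, a buffer size that is not updated after rotateImage(), describes a general class of heap overflow: a transform changes the geometry of an image, but the caller keeps writing with the old dimensions. The C program below is an added illustration written for this advisory, not LibTIFF's or tiffcrop's code, and the types and function names in it (image_t, image_bytes, rotate_image_90, write_row) are invented for the example. It shows the mitigation side: the rotation recomputes the allocation size from the new geometry with an overflow-checked multiplication and updates the size alongside the data pointer, and every later write is bounds-checked against the live allocation rather than against whatever geometry the caller remembers.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical image buffer for the example; not a LibTIFF type. */
typedef struct {
    uint8_t *data;
    uint32_t width;
    uint32_t height;
    uint32_t bpp;   /* bytes per pixel */
    size_t   size;  /* bytes actually allocated behind data */
} image_t;

/* Overflow-checked width*height*bpp. Returns 0 and sets *out on success,
   -1 if any dimension is zero or the product would not fit in size_t. */
int image_bytes(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0) return -1;
    if ((uint64_t)w * h > SIZE_MAX / bpp) return -1;   /* would wrap */
    *out = (size_t)w * h * bpp;
    return 0;
}

/* Allocate a zeroed image; returns NULL on bad geometry or OOM. */
image_t *image_create(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t need;
    if (image_bytes(w, h, bpp, &need) != 0) return NULL;
    image_t *img = calloc(1, sizeof *img);
    if (!img) return NULL;
    img->data = calloc(1, need);
    if (!img->data) { free(img); return NULL; }
    img->width = w; img->height = h; img->bpp = bpp; img->size = need;
    return img;
}

void image_free(image_t *img)
{
    if (img) { free(img->data); free(img); }
}

/* Rotate 90 degrees clockwise into a fresh buffer. The new width/height
   AND the new size are written back together, so the bookkeeping the
   caller relies on cannot go stale after the transform. */
int rotate_image_90(image_t *img)
{
    size_t need;
    uint32_t nw = img->height, nh = img->width;   /* geometry swaps */
    /* Recompute from the new geometry instead of trusting img->size. */
    if (image_bytes(nw, nh, img->bpp, &need) != 0) return -1;
    uint8_t *out = malloc(need);
    if (!out) return -1;
    for (uint32_t y = 0; y < img->height; y++) {
        for (uint32_t x = 0; x < img->width; x++) {
            /* source (x, y) lands at destination row x, column nw-1-y */
            const uint8_t *s = img->data + ((size_t)y * img->width + x) * img->bpp;
            uint8_t *d = out + ((size_t)x * nw + (nw - 1 - y)) * img->bpp;
            memcpy(d, s, img->bpp);
        }
    }
    free(img->data);
    img->data = out; img->width = nw; img->height = nh; img->size = need;
    return 0;
}

/* Write one row, bounds-checked against the live allocation. A caller
   that still believes in the pre-rotation width gets -1, not a heap
   overflow. */
int write_row(image_t *img, uint32_t row, const uint8_t *src, size_t len)
{
    size_t rowbytes = (size_t)img->width * img->bpp;
    if (row >= img->height || len > rowbytes) return -1;
    size_t off = (size_t)row * rowbytes;
    if (off > img->size || len > img->size - off) return -1;
    memcpy(img->data + off, src, len);
    return 0;
}

int main(void)
{
    /* Constructed 4x2, 1 byte/pixel sample: row0 = 0..3, row1 = 4..7 */
    image_t *img = image_create(4, 2, 1);
    if (!img) return 1;
    for (uint8_t i = 0; i < 8; i++) img->data[i] = i;
    if (rotate_image_90(img) != 0) return 1;
    printf("after rotation: %u x %u, %zu bytes\n", img->width, img->height, img->size);
    uint8_t stale[4] = {0};
    /* A write sized for the OLD width (4) is now rejected: new width is 2. */
    printf("write with stale width: %d\n", write_row(img, 0, stale, 4));
    printf("write with live width:  %d\n", write_row(img, 3, stale, 2));
    image_free(img);
    return 0;
}
```

The two checks that matter are in image_bytes (the multiplication cannot wrap) and in write_row (the offset and length are compared with img->size, which rotate_image_90 updated in the same step as the data pointer); without the second, a caller that cached the old row length would overrun the new, narrower rows.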

Severity level

CVE                    Score CVSS 2.0    Score CVSS 3.x    Score CVSS 4.0
(not given)            no information    5.3               no information
(not given)            no information    5.5               no information
(not given)            no information    7.5               no information
NIST — CVE-2023-6228   no information    5.5               no information
Critical, important, moderate, low

Updated packages