ALAS2023-2023-230 --- libtiff
ID: oval:org.secpod.oval:def:19500271 | Date: (C)2024-01-04 (M)2024-02-19 |
Class: PATCH | Family: unix |
LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit e8131125.

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit 33aee127.

A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow issue via TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
Platform: |
Amazon Linux 2023 |