Summary: | <media-libs/tiff-4.5.1: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | trivial | CC: | codec |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | C4 [noglsa cleanup] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 911012 | ||
Bug Blocks: |
Description
John Helmert III
2023-04-17 04:45:34 UTC
CVE-2023-2731 (https://gitlab.com/libtiff/libtiff/-/issues/548): A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. Patch is at: https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b / https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a25e8483e7d18613a561d6730de74821e956c1a4 commit a25e8483e7d18613a561d6730de74821e956c1a4 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-06-15 00:21:54 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-06-15 00:21:54 +0000 media-libs/tiff: add 4.5.1 Bug: https://bugs.gentoo.org/904424 Signed-off-by: Sam James <sam@gentoo.org> media-libs/tiff/Manifest | 2 + media-libs/tiff/tiff-4.5.1.ebuild | 84 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) CVE-2023-25434 (https://gitlab.com/libtiff/libtiff/-/issues/519): libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. Patch is in 4.5.1: https://gitlab.com/libtiff/libtiff/-/commit/c861f25cbcb8b3fe32ab1a0c13ced2d786eeb110 CVE-2023-26965 (https://gitlab.com/libtiff/libtiff/-/merge_requests/472): loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. 4.5.1 patch: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 |