Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 904424 (CVE-2023-1916, CVE-2023-25434, CVE-2023-26965, CVE-2023-2731) - <media-libs/tiff-4.5.1: multiple vulnerabilities
Summary: <media-libs/tiff-4.5.1: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2023-1916, CVE-2023-25434, CVE-2023-26965, CVE-2023-2731
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: C4 [noglsa cleanup]
Keywords:
Depends on: 911012
Blocks:
  Show dependency tree
 
Reported: 2023-04-17 04:45 UTC by John Helmert III
Modified: 2023-11-30 07:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-17 04:45:34 UTC 
CVE-2023-1916 (https://gitlab.com/libtiff/libtiff/-/issues/536):
https://gitlab.com/libtiff/libtiff/-/issues/537

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.

Redhat bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-1916
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-19 02:56:07 UTC 
CVE-2023-2731 (https://gitlab.com/libtiff/libtiff/-/issues/548):

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.

Patch is at: https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b / https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
Comment 2 Larry the Git Cow gentoo-dev 2023-06-15 00:23:01 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a25e8483e7d18613a561d6730de74821e956c1a4

commit a25e8483e7d18613a561d6730de74821e956c1a4
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-06-15 00:21:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-06-15 00:21:54 +0000

    media-libs/tiff: add 4.5.1
    
    Bug: https://bugs.gentoo.org/904424
    Signed-off-by: Sam James <sam@gentoo.org>

 media-libs/tiff/Manifest          |  2 +
 media-libs/tiff/tiff-4.5.1.ebuild | 84 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-15 05:04:08 UTC 
CVE-2023-25434 (https://gitlab.com/libtiff/libtiff/-/issues/519):

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.

Patch is in 4.5.1: https://gitlab.com/libtiff/libtiff/-/commit/c861f25cbcb8b3fe32ab1a0c13ced2d786eeb110

CVE-2023-26965 (https://gitlab.com/libtiff/libtiff/-/merge_requests/472):

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

4.5.1 patch: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68