QID 356375
Date Published: 2023-10-18
QID 356375: Amazon Linux Security Advisory for libtiff : ALAS2023-2023-364
Libtiff 4.4.0 has an out-of-bounds write in extractcontigsamplesshifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file.
For users that compile libtiff from sources, the fix is available with commit cfbb883b. (
( CVE-2022-3598) processcropselections in tools/tiffcrop.c in libtiff through 4.5.0 has a heap-based buffer overflow (e.g., "write of size 307203") via a crafted tiff image. (
( CVE-2022-48281) a vulnerability was found in libtiff library.
This security flaw causes a heap buffer overflow in extractcontigsamples32bits, tiffcrop.c (cve-2023-30775) multiple potential integer overflow in tiffcp.c in libtiff <= 4.5.1 can allow remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which triggers a heap-based buffer overflow. (
( CVE-2023-40745) multiple potential integer overflow in raw2tiff.c in libtiff <= 4.5.1 can allow remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which triggers a heap-based buffer overflow. (
( CVE-2023-41175)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2023-2023-364 -
alas.aws.amazon.com/AL2023/ALAS-2023-364.html
CVEs related to QID 356375
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2023-2023-364 | amazon linux 2023 |
alas.aws.amazon.com/AL2023/ALAS-2023-364.html |