Description
Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| tiff | fixed | 4.4.0-5 | | package |
| tiff | fixed | 4.2.0-1+deb11u3 | bullseye | package |
| tiff | fixed | 4.1.0+git191117-2~deb10u5 | buster | package |
Notes
https://gitlab.com/libtiff/libtiff/-/issues/538
Likely fixed by: https://gitlab.com/libtiff/libtiff/-/merge_requests/385
https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d (v4.5.0rc1)
Same fix as for CVE-2022-3599, CVE-2023-30086 and CVE-2023-30774.
The fix causes CVE-2023-2908.
Related vulnerabilities
Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.
Vulnerability in the tiffcp function (tiffcp.c) of the LibTIFF library that allows an attacker to cause a denial of service