Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:5079

Опубликовано: 21 авг. 2024
Источник: rocky
Оценка: Moderate

Описание

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c (CVE-2018-15209)

  • libtiff: Buffer Overflow via /libtiff/tools/tiffcrop.c (CVE-2023-25433)

  • libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c (CVE-2023-6228)

  • libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service (CVE-2023-52356)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
libtiffx86_6432.el8_10libtiff-4.0.9-32.el8_10.x86_64.rpm
libtiff-develx86_6432.el8_10libtiff-devel-4.0.9-32.el8_10.x86_64.rpm

Показывать по

Связанные CVE

CVE-2018-15209
CVE-2023-25433
CVE-2023-52356
CVE-2023-6228

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2024-5079

oracle-oval
11 месяцев назад

ELSA-2024-5079: libtiff security update (MODERATE)

ubuntu логотип

CVE-2018-15209

CVSS3: 8.8
ubuntu
почти 7 лет назад

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

redhat логотип

CVE-2018-15209

CVSS3: 5.3
redhat
почти 7 лет назад

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

nvd логотип

CVE-2018-15209

CVSS3: 8.8
nvd
почти 7 лет назад

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.

debian логотип

CVE-2018-15209

CVSS3: 8.8
debian
почти 7 лет назад

ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows ...