SUSE-SU-2025:0753-1

Published: 28 Feb 2025
Source: suse-cvrf

Description

Security update for tiff

This update for tiff fixes the following issues:

  • CVE-2023-25435: Heap-buffer-overflow in extractContigSamplesShifted8bits() in tiffcrop.c (bsc#1212607).
  • CVE-2023-52356: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service (bsc#1219213).

Other bugfixes:

  • Fixed tiff build issue on s390x as test 12 test_directory fails (bsc#1236834).

Package list

Container containers/open-webui:0
  • libtiff6-4.7.0-150600.3.8.1

SUSE Linux Enterprise Module for Basesystem 15 SP6
  • libtiff-devel-4.7.0-150600.3.8.1
  • libtiff6-4.7.0-150600.3.8.1
  • libtiff6-32bit-4.7.0-150600.3.8.1

SUSE Linux Enterprise Module for Package Hub 15 SP6
  • tiff-4.7.0-150600.3.8.1

openSUSE Leap 15.6
  • libtiff-devel-4.7.0-150600.3.8.1
  • libtiff-devel-32bit-4.7.0-150600.3.8.1
  • libtiff6-4.7.0-150600.3.8.1
  • libtiff6-32bit-4.7.0-150600.3.8.1
  • tiff-4.7.0-150600.3.8.1

Description (CVE-2023-25435)

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.


Affected products
Container containers/open-webui:0:libtiff6-4.7.0-150600.3.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff-devel-4.7.0-150600.3.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff6-32bit-4.7.0-150600.3.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff6-4.7.0-150600.3.8.1

Description (CVE-2023-52356)

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.


Affected products
Container containers/open-webui:0:libtiff6-4.7.0-150600.3.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff-devel-4.7.0-150600.3.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff6-32bit-4.7.0-150600.3.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libtiff6-4.7.0-150600.3.8.1