libtiff-4.0.9-28.el8

エラータID: AXSA:2023-6178:06

Release date: 
Friday, June 30, 2023 - 03:11
Subject: 
libtiff-4.0.9-28.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c (CVE-2022-48281)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-48281
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.

Solution: 

Update packages.

CVEs: 
CVE-2022-48281
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
Additional Info: 

N/A

Download: 

SRPMS
  1. libtiff-4.0.9-28.el8.src.rpm
    MD5: 37f46599d73c21c99ad4471440d37be8
    SHA-256: 18b1fa0825be5ed11bdca60bb4aeb8606b88d3d04de6c41de837b4cb1af22367
    Size: 2.27 MB

Asianux Server 8 for x86_64
  1. libtiff-4.0.9-28.el8.i686.rpm
    MD5: 75c71ff9311d9943146099d8e7e45925
    SHA-256: a88b47a7512c7cc60f9ea6e85f088e125a199a02c6ec542386595f420f963b05
    Size: 202.72 kB
  2. libtiff-4.0.9-28.el8.x86_64.rpm
    MD5: bcc72fd72c216ddc7cb1ea844f2290d7
    SHA-256: 13f2264fbec02d2a1b330456b713d6553242b65073bfeb51e2963f5bf0b52de8
    Size: 188.02 kB
  3. libtiff-devel-4.0.9-28.el8.i686.rpm
    MD5: 7b9f3a5edd1c46191143f008f3360d96
    SHA-256: f98e79d1b6d95b76f09c90b5379089009eea9cbdbee7ff8a15447cc0678d1f9c
    Size: 511.09 kB
  4. libtiff-devel-4.0.9-28.el8.x86_64.rpm
    MD5: 24d2ec9a718ba5b1bd84fd8726af575d
    SHA-256: be30601d4ee4bbc17227f01ccc553444acd8dc74da817df81af8a2232009f290
    Size: 511.09 kB
  5. libtiff-tools-4.0.9-28.el8.x86_64.rpm
    MD5: 8ece699ba67a748c6e0baefe307a2979
    SHA-256: 24ac8095624593d6bcacbe0be2b46f4eb93b6e85afb0623526b96af0b72212e6
    Size: 253.91 kB