libtiff-4.4.0-12.el9

Errata ID: AXSA:2024-8043:01

Release date: 
Thursday, May 30, 2024 - 20:12
Subject: 
libtiff-4.4.0-12.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: infinite loop via a crafted TIFF file (CVE-2022-40090)
* libtiff: segmentation fault in Fax3Encode in libtiff/tif_fax3.c (CVE-2023-3618)
* libtiff: integer overflow in tiffcp.c (CVE-2023-40745)
* libtiff: potential integer overflow in raw2tiff.c (CVE-2023-41175)
* libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c (CVE-2023-6228)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.4 Release Notes linked from the References section.

CVE-2022-40090
An issue discovered in the function TIFFReadDirectory in libtiff before 4.4.0 allows attackers to cause a denial of service via a crafted TIFF file.
CVE-2023-3618
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
CVE-2023-40745
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
CVE-2023-41175
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
CVE-2023-6228
An issue was found in the tiffcp utility distributed by the libtiff package where processing a crafted TIFF file may cause a heap-based buffer overflow, leading to an application crash.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libtiff-4.4.0-12.el9.src.rpm
    MD5: 4cc454956d242dece576381939153f55
    SHA-256: f6ab6ec5cabfcd838d760c543579cabffef3416e221f02ada5174e756e66a6ad
    Size: 2.76 MB

Asianux Server 9 for x86_64
  1. libtiff-4.4.0-12.el9.i686.rpm
    MD5: 44f18096d8fb2b59f7fbda1a09b06b7f
    SHA-256: e72e1577b425dec539419fc0798ca18b8d78d76dbc6c5a5f8d09b1ef11c24129
    Size: 214.53 kB
  2. libtiff-4.4.0-12.el9.x86_64.rpm
    MD5: b7efd3da1cbe99adc68c56b96dad0fba
    SHA-256: a2560147870e8154a8f0b49bec5f84ccaba239fbd8a4f188f74564949322199f
    Size: 197.12 kB
  3. libtiff-devel-4.4.0-12.el9.i686.rpm
    MD5: 7dd6edf63e1ed2c8534de160f621fbce
    SHA-256: f8b2732bb281e29c66f4903a08aaa864c20505b643c95bda33c5d78251ee0ca2
    Size: 513.42 kB
  4. libtiff-devel-4.4.0-12.el9.x86_64.rpm
    MD5: 61687883cd987960e8625e061571d06d
    SHA-256: fa393bcd64ab704f6c048253b07eafe51fef376766fd6bc91ef645cd930abfd1
    Size: 513.43 kB
  5. libtiff-tools-4.4.0-12.el9.x86_64.rpm
    MD5: 1b5440cc4affcae3e4dbdff38efebf71
    SHA-256: 7bda40a5ca3b36a7ca6853984dcc856a8b3ac122369a16ba3ee737da52b070d3
    Size: 239.38 kB