libtiff-4.0.3-35.0.1.el7.AXS7
エラータID: AXSA:2024-8709:04
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files. TIFF is a widely used file
format for bitmapped images. TIFF files usually end in the .tif extension and
they are often quite large.
The libtiff package should be installed if you need to manipulate TIFF format
image files.
Security Fix(es):
* CVE-2023-52356: added proper validation and boundary checks to prevent the
SEGV and potential heap-buffer overflow
* CVE-2023-52355: added functionality to set a maximum possible allocation size
in bytes in order to prevent out-of-memory issues when opening a TIFF file and
added memory limit option in tools
CVE(s):
CVE-2023-52355
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
CVE-2023-52356
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
Update packages.
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
N/A
Asianux Server 7 for x86_64
- libtiff-4.0.3-35.0.1.el7.AXS7.i686.rpm
MD5: 4a41829f693c1f2f9300e85d5e42f2a4
SHA-256: 694a5d1d17c65be26673b9fd3fdaa3f165fdbfc9c38480e1cc1656f7afd500a2
Size: 175.83 kB - libtiff-4.0.3-35.0.1.el7.AXS7.x86_64.rpm
MD5: 3194ac0d21b8ceda2b9a92aa39e45f71
SHA-256: 9b8ab7393dc6e6d22442739372eb06119c6b22e09efea3a9605bbad39294f4c5
Size: 172.86 kB - libtiff-devel-4.0.3-35.0.1.el7.AXS7.i686.rpm
MD5: 700cc02fbe5483054210906344e44c98
SHA-256: 4a5fec69c2ea8561f846dc77e5340df42c33742adf0c45addeae276e020bb3d5
Size: 474.34 kB - libtiff-devel-4.0.3-35.0.1.el7.AXS7.x86_64.rpm
MD5: 3db03aa47b2d280be546eccec92d8912
SHA-256: 0b14d180f2e771944fb374c02cb80f29d886145df07ae7e01157956dc0e72596
Size: 474.32 kB