|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-1: CVE-2023-6228: tiff: out of bounds read in cpStripToTile() in tiffcp utlitity | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | SMASH SMASH <smash_bz> |
| Component: | Incidents | Assignee: | Michael Vetter <mvetter> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | carlos.lopez |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/385714/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2023-6228:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
SMASH SMASH
2023-11-21 08:33:12 UTC
tiffcp got removed in tiff 4.6.0. For earlier versions: In the mentioned bug they say "without JPEG library, I can reproduce the issue. But with JPEG support enabled there is no segmentation fault.". We have `BuildRequires: libjpeg-devel`. (In reply to Michael Vetter from comment #2) > tiffcp got removed in tiff 4.6.0. > > For earlier versions: > In the mentioned bug they say "without JPEG library, I can reproduce the > issue. But with JPEG support enabled there is no segmentation fault.". > > We have `BuildRequires: libjpeg-devel`. Thanks for checking. The proof of concept also did not reproduce for any codestreams, with the exception of SUSE:SLE-11:Update, which I did not manage to test because I could not get the package to build. Since we have jpeg support I'll track it as not affected as well. Nothing to do, closing. |