Bugzilla – Bug 1208227
VUL-1: CVE-2023-0796: tiff: out of bounds read due to incorrect image rotation
Last modified: 2023-06-22 07:54:24 UTC
CVE-2023-0796 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0796 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json https://gitlab.com/libtiff/libtiff/-/issues/499 https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
This looks like the same bug as bnc#1208226. Therefore, it should only affect: - SUSE:SLE-12:Update - SUSE:SLE-15:Update - openSUSE:Factory
This is an autogenerated message for OBS integration: This bug (1208227) was mentioned in https://build.opensuse.org/request/show/1067182 Factory / tiff
SUSE-SU-2023:2321-1: An update that solves 10 vulnerabilities can now be installed. Category: security (moderate) Bug References: 1208226, 1208227, 1208228, 1208229, 1208230, 1208231, 1208232, 1208233, 1208234, 1208236 CVE References: CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): tiff-4.0.9-44.68.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): tiff-4.0.9-44.68.1 SUSE Linux Enterprise Server 12 SP5 (src): tiff-4.0.9-44.68.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): tiff-4.0.9-44.68.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2334-1: An update that solves 10 vulnerabilities can now be installed. Category: security (moderate) Bug References: 1208226, 1208227, 1208228, 1208229, 1208230, 1208231, 1208232, 1208233, 1208234, 1208236 CVE References: CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804 Sources used: openSUSE Leap Micro 5.3 (src): tiff-4.0.9-150000.45.28.1 openSUSE Leap 15.4 (src): tiff-4.0.9-150000.45.28.1 openSUSE Leap 15.5 (src): tiff-4.0.9-150000.45.28.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): tiff-4.0.9-150000.45.28.1 SUSE Linux Enterprise Micro 5.3 (src): tiff-4.0.9-150000.45.28.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): tiff-4.0.9-150000.45.28.1 SUSE Linux Enterprise Micro 5.4 (src): tiff-4.0.9-150000.45.28.1 Basesystem Module 15-SP4 (src): tiff-4.0.9-150000.45.28.1 Basesystem Module 15-SP5 (src): tiff-4.0.9-150000.45.28.1 SUSE Package Hub 15 15-SP4 (src): tiff-4.0.9-150000.45.28.1 SUSE Package Hub 15 15-SP5 (src): tiff-4.0.9-150000.45.28.1 SUSE Linux Enterprise Real Time 15 SP3 (src): tiff-4.0.9-150000.45.28.1 SUSE Linux Enterprise Micro 5.2 (src): tiff-4.0.9-150000.45.28.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): tiff-4.0.9-150000.45.28.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done, closing.