Bugzilla – Bug 1219213
VUL-0: CVE-2023-52356: tiff: libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service
Last modified: 2024-02-22 16:30:05 UTC
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
References:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52356
- https://gitlab.com/libtiff/libtiff/-/merge_requests/546
- https://www.cve.org/CVERecord?id=CVE-2023-52356
- https://access.redhat.com/security/cve/CVE-2023-52356
- https://bugzilla.redhat.com/show_bug.cgi?id=2251344
- https://gitlab.com/libtiff/libtiff/-/issues/622
Patch: https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a
Tracking as affected:
- SUSE:ALP:Source:Standard:1.0/tiff 4.6.0
- SUSE:SLE-12:Update/tiff 4.0.9
- SUSE:SLE-15:Update/tiff 4.0.9
- openSUSE:Factory/tiff 4.6.0
- SR#319355 to SUSE_SLE-12_Update
- SR#319356 to SUSE_SLE-15_Update
- SR#1141711 to Factory
- SR#319357 to SUSE:ALP:Source:Standard:1.0
This is an autogenerated message for OBS integration:
This bug (1219213) was mentioned in https://build.opensuse.org/request/show/1141711 Factory / tiff
SUSE-SU-2024:0594-1: An update that solves one vulnerability can now be installed.
Category: security (moderate)
Bug References: 1219213
CVE References: CVE-2023-52356
Sources used:
- openSUSE Leap Micro 5.3 (src): tiff-4.0.9-150000.45.38.1
- openSUSE Leap Micro 5.4 (src): tiff-4.0.9-150000.45.38.1
- openSUSE Leap 15.5 (src): tiff-4.0.9-150000.45.38.1
- SUSE Linux Enterprise Micro for Rancher 5.3 (src): tiff-4.0.9-150000.45.38.1
- SUSE Linux Enterprise Micro 5.3 (src): tiff-4.0.9-150000.45.38.1
- SUSE Linux Enterprise Micro for Rancher 5.4 (src): tiff-4.0.9-150000.45.38.1
- SUSE Linux Enterprise Micro 5.4 (src): tiff-4.0.9-150000.45.38.1
- SUSE Linux Enterprise Micro 5.5 (src): tiff-4.0.9-150000.45.38.1
- Basesystem Module 15-SP5 (src): tiff-4.0.9-150000.45.38.1
- SUSE Package Hub 15 15-SP5 (src): tiff-4.0.9-150000.45.38.1
- SUSE Linux Enterprise Micro 5.2 (src): tiff-4.0.9-150000.45.38.1
- SUSE Linux Enterprise Micro for Rancher 5.2 (src): tiff-4.0.9-150000.45.38.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0593-1: An update that solves one vulnerability can now be installed.
Category: security (moderate)
Bug References: 1219213
CVE References: CVE-2023-52356
Sources used:
- SUSE Linux Enterprise Software Development Kit 12 SP5 (src): tiff-4.0.9-44.77.1
- SUSE Linux Enterprise High Performance Computing 12 SP5 (src): tiff-4.0.9-44.77.1
- SUSE Linux Enterprise Server 12 SP5 (src): tiff-4.0.9-44.77.1
- SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): tiff-4.0.9-44.77.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.