Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2023-0797

LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.

Related bugs and status

CVE-2023-0797 (Candidate) is related to these bugs:

Bug #2012540: Please merge tiff 4.5.0-5 from Debian unstable

Summary				In	Importance	Status
	2012540	Please merge tiff 4.5.0-5 from Debian unstable		tiff (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://gitlab.com/git...
MISC: https://gitlab.com/lib...
MISC: https://gitlab.com/lib...
MLIST: [debian-lts-announce] ...
DEBIAN: DSA-5361
GENTOO: GLSA-202305-31