Debian Tiff vulnerabilities

CVE-2023-2908 [MEDIUM] CVE-2023-2908: tiff - A null pointer dereference issue was found in Libtiff's tif_dir.c file. This iss... A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. Scope: local bookworm: resolved (fixed in 4.5.0-6+deb12u2) bul

CVE-2023-0802 [MEDIUM] CVE-2023-0802: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, a... LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u4) forky: resolved (fixed in 4.5.0-5)

CVE-2023-0801 [MEDIUM] CVE-2023-0801: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, ... LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved

CVE-2023-3576 [MEDIUM] CVE-2023-3576: tiff - A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs wh... A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. Scope: local bookworm: resolved (fixed in 4.5.0-6+deb12u1) b

CVE-2023-0804 [MEDIUM] CVE-2023-0804: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, a... LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u4) forky: resolved (fixed in 4.5.0-5)

CVE-2023-3316 [MEDIUM] CVE-2023-3316: tiff - A NULL pointer dereference in TIFFClose() is caused by a failure to open an outp... A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u6) forky: resolved (fixed in 4.5.0-5) sid: resolved (fixed in 4.5.0-5) trixie: resolved (fixed

CVE-2023-30774 [MEDIUM] CVE-2023-30774: tiff - A vulnerability was found in the libtiff library. This flaw causes a heap buffer... A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. Scope: local bookworm: resolved (fixed in 4.4.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u3) forky: resolved (fixed in 4.4.0-5) sid: resolved (fixed in 4.4.0-5) trixie: resolved (fixed in 4.4.0-5)

CVE-2023-26965 [MEDIUM] CVE-2023-26965: tiff - loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use af... loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. Scope: local bookworm: resolved (fixed in 4.5.0-6+deb12u2) bullseye: resolved (fixed in 4.2.0-1+deb11u6) forky: resolved (fixed in 4.5.1~rc3-1) sid: resolved (fixed in 4.5.1~rc3-1) trixie: resolved (fixed in 4.5.1~rc3-1)

CVE-2023-26966 [MEDIUM] CVE-2023-26966: tiff - libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads... libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. Scope: local bookworm: resolved (fixed in 4.5.0-6+deb12u2) bullseye: resolved (fixed in 4.2.0-1+deb11u6) forky: resolved (fixed in 4.5.1~rc3-1) sid: resolved (fixed in 4.5.1~rc3-1) trixie: resolved (fixed in 4

CVE-2023-0798 [MEDIUM] CVE-2023-0798: tiff - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, al... LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u4) forky: resolved (fixed in 4.5.0-5)

CVE-2023-0797 [MEDIUM] CVE-2023-0797: tiff - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, i... LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (

CVE-2023-0799 [MEDIUM] CVE-2023-0799: tiff - LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, al... LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u4) forky: resolved (fixed in 4.5.0-5)

CVE-2023-6277 [MEDIUM] CVE-2023-6277: tiff - An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFO... An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 4.5.1+git230720-2) sid: resolved (fixed in 4.5.1+git230720-2) trixie: resolved (fixed in 4.5.1+git230720-2

CVE-2023-3618 [MEDIUM] CVE-2023-3618: tiff - A flaw was found in libtiff. A specially crafted tiff file can lead to a segment... A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. Scope: local bookworm: resolved (fixed in 4.5.0-6+deb12u2) bullseye: resolved (fixed in 4.2.0-1+deb11u6) forky: resolved (fixed in 4.5.1~rc3-1) sid: resolved (fixed in 4.

CVE-2023-25433 [MEDIUM] CVE-2023-25433: tiff - libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:849... libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. Scope: local bookworm: resolved (fixed in 4.5.0-6+deb12u2) bullseye: resolved (fixed in 4.2.0-1+deb11u6) forky: resolved (fixed in 4.5.1~rc3-1) sid: resolved (fixed in 4.5.1~rc3-1) tr

CVE-2023-0800 [MEDIUM] CVE-2023-0800: tiff - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, a... LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u4) forky: resolved (fixed in 4.5.0-5)

CVE-2023-25435 [MEDIUM] CVE-2023-25435: tiff - libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8b... libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. Scope: local bookworm: resolved (fixed in 4.5.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u4) forky: resolved (fixed in 4.5.0-5) sid: resolved (fixed in 4.5.0-5) trixie: resolved (fixed in 4.5.0-5)

CVE-2023-30086 [MEDIUM] CVE-2023-30086: tiff - Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker t... Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. Scope: local bookworm: resolved (fixed in 4.4.0-5) bullseye: resolved (fixed in 4.2.0-1+deb11u3) forky: resolved (fixed in 4.4.0-5) sid: resolved (fixed in 4.4.0-5) trixie: resolved (fixed in 4.4.0-5)

CVE-2023-2731 [MEDIUM] CVE-2023-2731: tiff - A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in t... A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. Scope: local bookworm: resolved (fixed in 4.5.0-6) bul

CVE-2023-41175 [MEDIUM] CVE-2023-41175: tiff - A vulnerability was found in libtiff due to multiple potential integer overflows... A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 4.5.0-6+deb12u1) bullseye: resolved (fixed in 4.2.0-1+deb11