Msrc Cm1 Libtiff 4.5.0-1 On Cbl Mariner 1.0 vulnerabilities

CVE-2022-4645 [MEDIUM] CWE-125 LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit e8131125. FAQ: Is Azure Linux the only Micros

CVE-2023-0798 [MEDIUM] CWE-125 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fi LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit afaabc3e. FAQ: Is Azure Linux the only M

CVE-2023-0801 [MEDIUM] CWE-787 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368 invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778 allowing attackers to cause a denial-of-service via a crafted LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368 invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is av

CVE-2023-0799 [MEDIUM] CWE-416 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fi LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit afaabc3e. FAQ: Is Azure Linux the only M

CVE-2023-0796 [MEDIUM] CWE-125 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fi LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit afaabc3e. FAQ: Is Azure Linux the only M

CVE-2023-0803 [MEDIUM] CWE-787 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the f LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 33aee127. FAQ: Is Azure Linux the only

CVE-2023-0797 [MEDIUM] CWE-125 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368 invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921 allowing attackers to cause a denial-of-service via a crafted t LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368 invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is ava

CVE-2023-0802 [MEDIUM] CWE-787 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the f LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 33aee127. FAQ: Is Azure Linux the only

CVE-2023-0804 [MEDIUM] CWE-787 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the f LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 33aee127. FAQ: Is Azure Linux the only

CVE-2022-2868 [MEDIUM] CWE-1284 libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library a

CVE-2022-2867 [MEDIUM] CWE-191 libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases furth

CVE-2022-2869 [MEDIUM] CWE-191 libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw most likely by tricking a user into opening the crafted f

CVE-2022-34526 [MEDIUM] CWE-787 A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsp A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. FAQ: Is Azure Linux the only Microso