[SECURITY] [DLA 3333-1] tiff security update

2023-02-2122:59:14

lists.debian.org

debian lts

tiff package

cve-2023-0795

cve-2023-0796

cve-2023-0797

denial of service

security update

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Debian LTS Advisory DLA-3333-1 [email protected]
https://www.debian.org/lts/security/ Markus Koschany
February 21, 2023 https://wiki.debian.org/LTS

Package : tiff
Version : 4.1.0+git191117-2~deb10u7
CVE ID : CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798
CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802
CVE-2023-0803 CVE-2023-0804
Debian Bug : 1031632

Several flaws were found in tiffcrop, a program distributed by tiff, a library
and tools providing support for the Tag Image File Format (TIFF).
A specially crafted tiff file can lead to an out-of-bounds write or read
resulting in a denial of service.

For Debian 10 buster, these problems have been fixed in version
4.1.0+git191117-2~deb10u7.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part

OSVersionArchitecturePackageVersionFilename
Debian11ppc64ellibtiff5< 4.2.0-1+deb11u4libtiff5_4.2.0-1+deb11u4_ppc64el.deb
Debian11mipsellibtiff5< 4.2.0-1+deb11u4libtiff5_4.2.0-1+deb11u4_mipsel.deb
Debian11amd64libtiff5< 4.2.0-1+deb11u4libtiff5_4.2.0-1+deb11u4_amd64.deb
Debian10i386libtiff5-dev< 4.1.0+git191117-2~deb10u7libtiff5-dev_4.1.0+git191117-2~deb10u7_i386.deb
Debian11amd64libtiff-tools< 4.2.0-1+deb11u4libtiff-tools_4.2.0-1+deb11u4_amd64.deb
Debian11arm64libtiff-tools< 4.2.0-1+deb11u4libtiff-tools_4.2.0-1+deb11u4_arm64.deb
Debian11alltiff< 4.2.0-1+deb11u4tiff_4.2.0-1+deb11u4_all.deb
Debian11ppc64ellibtiff-tools< 4.2.0-1+deb11u4libtiff-tools_4.2.0-1+deb11u4_ppc64el.deb
Debian11armhflibtiffxx5< 4.2.0-1+deb11u4libtiffxx5_4.2.0-1+deb11u4_armhf.deb
Debian11amd64libtiff-tools-dbgsym< 4.2.0-1+deb11u4libtiff-tools-dbgsym_4.2.0-1+deb11u4_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	ppc64el	libtiff5	< 4.2.0-1+deb11u4	libtiff5_4.2.0-1+deb11u4_ppc64el.deb
Debian	11	mipsel	libtiff5	< 4.2.0-1+deb11u4	libtiff5_4.2.0-1+deb11u4_mipsel.deb
Debian	11	amd64	libtiff5	< 4.2.0-1+deb11u4	libtiff5_4.2.0-1+deb11u4_amd64.deb
Debian	10	i386	libtiff5-dev	< 4.1.0+git191117-2~deb10u7	libtiff5-dev_4.1.0+git191117-2~deb10u7_i386.deb
Debian	11	amd64	libtiff-tools	< 4.2.0-1+deb11u4	libtiff-tools_4.2.0-1+deb11u4_amd64.deb
Debian	11	arm64	libtiff-tools	< 4.2.0-1+deb11u4	libtiff-tools_4.2.0-1+deb11u4_arm64.deb
Debian	11	all	tiff	< 4.2.0-1+deb11u4	tiff_4.2.0-1+deb11u4_all.deb
Debian	11	ppc64el	libtiff-tools	< 4.2.0-1+deb11u4	libtiff-tools_4.2.0-1+deb11u4_ppc64el.deb
Debian	11	armhf	libtiffxx5	< 4.2.0-1+deb11u4	libtiffxx5_4.2.0-1+deb11u4_armhf.deb
Debian	11	amd64	libtiff-tools-dbgsym	< 4.2.0-1+deb11u4	libtiff-tools-dbgsym_4.2.0-1+deb11u4_amd64.deb