Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-5567-1:73E9C
HistoryNov 27, 2023 - 5:04 a.m.

[SECURITY] [DSA 5567-1] tiff security update

2023-11-2705:04:24
lists.debian.org
20
memory leaks
debian
cve-2023-3576
cve-2023-40745
denial of service
upgrade
cve-2023-41175
tiff
stable distribution
buffer overflows
oldstable distribution
security update

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

41.2%

JSON

Debian Security Advisory DSA-5567-1 [email protected]
https://www.debian.org/security/ Aron Xu
November 27, 2023 https://www.debian.org/security/faq

Package : tiff
CVE ID : CVE-2023-3576 CVE-2023-40745 CVE-2023-41175
Debian Bug :

Brief introduction

Multiple buffer overflows and memory leak issues have been found in tiff,
the Tag Image File Format (TIFF) library and tools, which may cause denial
of service when processing a crafted TIFF image.

For the oldstable distribution (bullseye), these problems have been fixed
in version 4.2.0-1+deb11u5.

For the stable distribution (bookworm), these problems have been fixed in
version 4.5.0-6+deb12u1.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian12armhflibtiff-tools-dbgsym< 4.5.0-6+deb12u1libtiff-tools-dbgsym_4.5.0-6+deb12u1_armhf.deb
Debian12armhflibtiff6-dbgsym< 4.5.0-6+deb12u1libtiff6-dbgsym_4.5.0-6+deb12u1_armhf.deb
Debian11s390xlibtiff-tools-dbgsym< 4.2.0-1+deb11u5libtiff-tools-dbgsym_4.2.0-1+deb11u5_s390x.deb
Debian11armhflibtiff-dev< 4.2.0-1+deb11u5libtiff-dev_4.2.0-1+deb11u5_armhf.deb
Debian12alltiff< 4.5.0-6+deb12u1tiff_4.5.0-6+deb12u1_all.deb
Debian10i386libtiff-dev< 4.1.0+git191117-2~deb10u9libtiff-dev_4.1.0+git191117-2~deb10u9_i386.deb
Debian11arm64libtiffxx5< 4.2.0-1+deb11u5libtiffxx5_4.2.0-1+deb11u5_arm64.deb
Debian12mips64ellibtiffxx6< 4.5.0-6+deb12u1libtiffxx6_4.5.0-6+deb12u1_mips64el.deb
Debian10arm64libtiff-opengl-dbgsym< 4.1.0+git191117-2~deb10u9libtiff-opengl-dbgsym_4.1.0+git191117-2~deb10u9_arm64.deb
Debian10arm64libtiff-dev< 4.1.0+git191117-2~deb10u8libtiff-dev_4.1.0+git191117-2~deb10u8_arm64.deb
Rows per page:
1-10 of 2521

Related

osv 9
nessus 42
openvas 27
mageia 1
redos 1
photon 3
cbl_mariner 2
debiancve 3
ubuntucve 3
oraclelinux 2
almalinux 2
veracode 3
redhatcve 3
prion 3
nvd 3
amazon 4
redhat 8
cvelist 3
ibm 5
cve 3
vulnrichment 1
ubuntu 1
cloudfoundry 1
debian 1
hp 1
osv
osv
tiff - security update
2023-11-27 00:00:00
Moderate: libtiff security update
2024-04-30 00:00:00
CVE-2023-40745
2023-10-05 19:15:11
nessus
nessus
Debian DSA-5567-1 : tiff - security update
2023-11-27 00:00:00
Photon OS 5.0: Libtiff PHSA-2023-5.0-0125
2024-07-23 00:00:00
Photon OS 4.0: Libtiff PHSA-2023-4.0-0497
2024-07-24 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5567-1)
2023-11-28 00:00:00
Mageia: Security Advisory (MGASA-2024-0077)
2024-04-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0915-1)
2024-05-07 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerabilities
2024-03-21 00:19:08
redos
redos
ROS-20240329-21
2024-03-29 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0125
2023-10-25 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0497
2023-10-25 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0673
2023-10-26 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-40745 affecting package libtiff for versions less than 4.6.0-1
2023-11-08 02:07:28
CVE-2023-41175 affecting package libtiff for versions less than 4.6.0-1
2023-11-08 02:07:28
debiancve
debiancve
CVE-2023-40745
2023-10-05 19:15:11
CVE-2023-41175
2023-10-05 19:15:11
CVE-2023-3576
2023-10-04 19:15:10
ubuntucve
ubuntucve
CVE-2023-40745
2023-10-05 00:00:00
CVE-2023-41175
2023-10-05 00:00:00
CVE-2023-3576
2023-10-04 00:00:00
oraclelinux
oraclelinux
libtiff security update
2024-05-02 00:00:00
libtiff security update
2023-11-11 00:00:00
almalinux
almalinux
Moderate: libtiff security update
2024-04-30 00:00:00
Moderate: libtiff security update
2023-11-07 00:00:00
veracode
veracode
Integer Overflow
2023-10-10 06:25:30
Integer Overflow
2023-10-10 06:34:43
Denial Of Service (DoS)
2023-10-11 08:47:09
redhatcve
redhatcve
CVE-2023-40745
2023-08-28 15:50:24
CVE-2023-41175
2023-08-28 15:50:25
CVE-2023-3576
2023-07-10 10:24:23
prion
prion
Integer overflow
2023-10-05 19:15:00
Integer overflow
2023-10-05 19:15:00
Memory corruption
2023-10-04 19:15:00
nvd
nvd
CVE-2023-40745
2023-10-05 19:15:11
CVE-2023-41175
2023-10-05 19:15:11
CVE-2023-3576
2023-10-04 19:15:10
amazon
amazon
Medium: libtiff
2023-09-27 22:15:00
Medium: libtiff
2023-07-20 17:28:00
Medium: libtiff
2023-07-19 22:14:00
redhat
redhat
(RHSA-2024:2289) Moderate: libtiff security update
2024-04-30 06:15:17
(RHSA-2023:6575) Moderate: libtiff security update
2023-11-07 06:08:53
(RHSA-2024:3790) Moderate: OpenShift API for Data Protection (OADP) 1.3.2 security and bug fix update
2024-06-11 02:31:21
cvelist
cvelist
CVE-2023-41175 Libtiff: potential integer overflow in raw2tiff.c
2023-10-05 18:55:26
CVE-2023-40745 Libtiff: integer overflow in tiffcp.c
2023-10-05 18:55:26
CVE-2023-3576 Libtiff: memory leak in tiffcrop.c
2023-10-04 18:02:23
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2024-09-17 22:04:14
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2024-08-29 19:08:58
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-3576]
2023-07-28 14:36:37
cve
cve
CVE-2023-40745
2023-10-05 19:15:11
CVE-2023-41175
2023-10-05 19:15:11
CVE-2023-3576
2023-10-04 19:15:10
vulnrichment
vulnrichment
CVE-2023-41175 Libtiff: potential integer overflow in raw2tiff.c
2023-10-05 18:55:26
ubuntu
ubuntu
LibTIFF vulnerabilities
2023-11-23 00:00:00
cloudfoundry
cloudfoundry
USN-6512-1: LibTIFF vulnerabilities | Cloud Foundry
2024-03-18 00:00:00
debian
debian
[SECURITY] [DLA 3758-1] tiff security update
2024-03-11 12:38:16
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

41.2%

JSON
Related for DEBIAN:DSA-5567-1:73E9C
osv9nessus42openvas27mageia1redos1photon3cbl_mariner2debiancve3ubuntucve3oraclelinux2almalinux2veracode3redhatcve3prion3nvd3amazon4redhat8cvelist3ibm5cve3vulnrichment1ubuntu1cloudfoundry1debian1hp1