CVE-2023-0798 – libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0798
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 https://gitlab.com/libtiff/libtiff/-/issues/492 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://security.netapp.com/advisory/ntap-20230316-0003 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0798 https: • CWE-125: Out-of-bounds Read •
CVE-2023-0799 – libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0799
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68 https://gitlab.com/libtiff/libtiff/-/issues/494 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://security.netapp.com/advisory/ntap-20230316-0003 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0799 https: • CWE-416: Use After Free •
CVE-2023-0802 – libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0802
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 https://gitlab.com/libtiff/libtiff/-/issues/500 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://security.netapp.com/advisory/ntap-20230316-0002 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0802 https: • CWE-787: Out-of-bounds Write •
CVE-2023-0803 – libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-0803
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00 https://gitlab.com/libtiff/libtiff/-/issues/501 https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html https://security.gentoo.org/glsa/202305-31 https://security.netapp.com/advisory/ntap-20230316-0002 https://www.debian.org/security/2023/dsa-5361 https://access.redhat.com/security/cve/CVE-2023-0803 https: • CWE-787: Out-of-bounds Write •
CVE-2022-48281 – libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c
https://notcve.org/view.php?id=CVE-2022-48281
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, "WRITE of size 307203") via a crafted TIFF image. • https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5 https://gitlab.com/libtiff/libtiff/-/issues/488 https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html https://security.gentoo.org/glsa/202305-31 https://security.netapp.com/advisory/ntap-20230302-0004 https://www.debian.org/security/2023/dsa-5333 https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 • CWE-787: Out-of-bounds Write •