First published: Fri Nov 24 2023(Updated: )
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Libtiff Libtiff | ||
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
ubuntu/tiff | <4.3.0-6ubuntu0.8 | 4.3.0-6ubuntu0.8 |
ubuntu/tiff | <4.0.9-5ubuntu0.10+ | 4.0.9-5ubuntu0.10+ |
ubuntu/tiff | <4.1.0+ | 4.1.0+ |
ubuntu/tiff | <4.5.1+ | 4.5.1+ |
ubuntu/tiff | <4.0.3-7ubuntu0.11+ | 4.0.3-7ubuntu0.11+ |
ubuntu/tiff | <4.0.6-1ubuntu0.8+ | 4.0.6-1ubuntu0.8+ |
debian/tiff | <=4.1.0+git191117-2~deb10u4<=4.2.0-1+deb11u5<=4.5.0-6+deb12u1 | 4.1.0+git191117-2~deb10u9 4.5.1+git230720-4 |
=8.0 | ||
=9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.