What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is USN-6512-1.

What is the severity of the LibTIFF vulnerabilities?

The severity of the LibTIFF vulnerabilities is not mentioned in the provided information.

How can the LibTIFF vulnerabilities be exploited?

The LibTIFF vulnerabilities can be exploited by tricking a user or automated system into opening a specially crafted image file, which may lead to a denial of service.

Which versions of Ubuntu are affected by the LibTIFF vulnerabilities?

The LibTIFF vulnerabilities affect Ubuntu versions 22.04, 20.04, 18.04, 16.04, and 14.04.

How do I fix the LibTIFF vulnerabilities?

To fix the LibTIFF vulnerabilities, you should update the libtiff-tools and libtiff5 packages to the specified versions provided in the Ubuntu security advisory.

Vulnerability/
USN-6512-1

23/11/2023

USN-6512-1: LibTIFF vulnerabilities

First published: Thu Nov 23 2023(Updated: )

It was discovered that LibTIFF could be made to run into an infinite loop. If a user or an automated system were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. (CVE-2022-40090) It was discovered that LibTIFF could be made leak memory. If a user or an automated system were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-3576)

Affected Software	Affected Version	How to fix
All of
ubuntu/libtiff-tools	<4.3.0-6ubuntu0.7	4.3.0-6ubuntu0.7
Ubuntu Ubuntu	=22.04
All of
ubuntu/libtiff5	<4.3.0-6ubuntu0.7	4.3.0-6ubuntu0.7
Ubuntu Ubuntu	=22.04
All of
ubuntu/libtiff-tools	<4.1.0+git191117-2ubuntu0.20.04.11	4.1.0+git191117-2ubuntu0.20.04.11
Ubuntu Ubuntu	=20.04
All of
ubuntu/libtiff5	<4.1.0+git191117-2ubuntu0.20.04.11	4.1.0+git191117-2ubuntu0.20.04.11
Ubuntu Ubuntu	=20.04
All of
ubuntu/libtiff-tools	<4.0.9-5ubuntu0.10+esm4	4.0.9-5ubuntu0.10+esm4
Ubuntu Ubuntu	=18.04
All of
ubuntu/libtiff5	<4.0.9-5ubuntu0.10+esm4	4.0.9-5ubuntu0.10+esm4
Ubuntu Ubuntu	=18.04
All of
ubuntu/libtiff-tools	<4.0.6-1ubuntu0.8+esm14	4.0.6-1ubuntu0.8+esm14
Ubuntu Ubuntu	=16.04
All of
ubuntu/libtiff5	<4.0.6-1ubuntu0.8+esm14	4.0.6-1ubuntu0.8+esm14
Ubuntu Ubuntu	=16.04
All of
ubuntu/libtiff-tools	<4.0.3-7ubuntu0.11+esm11	4.0.3-7ubuntu0.11+esm11
Ubuntu Ubuntu	=14.04
All of
ubuntu/libtiff5	<4.0.3-7ubuntu0.11+esm11	4.0.3-7ubuntu0.11+esm11
Ubuntu Ubuntu	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-6512-1.
What is the severity of the LibTIFF vulnerabilities?
The severity of the LibTIFF vulnerabilities is not mentioned in the provided information.
How can the LibTIFF vulnerabilities be exploited?
The LibTIFF vulnerabilities can be exploited by tricking a user or automated system into opening a specially crafted image file, which may lead to a denial of service.
Which versions of Ubuntu are affected by the LibTIFF vulnerabilities?
The LibTIFF vulnerabilities affect Ubuntu versions 22.04, 20.04, 18.04, 16.04, and 14.04.
How do I fix the LibTIFF vulnerabilities?
To fix the LibTIFF vulnerabilities, you should update the libtiff-tools and libtiff5 packages to the specified versions provided in the Ubuntu security advisory.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/22.04
version/ubuntu ubuntu/20.04
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/16.04
version/ubuntu ubuntu/14.04