Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE Security Update 2023:4370-1 Addresses Moderate TIFF Vulnerabilities

suse
Calendar Grey November 6, 2023
Dist Suse Esm H88
Important revision for SUSE libtiff package addressing multiple security threats and weaknesses, reinforcing system protection.
* bsc#1212535 * bsc#1212881 * bsc#1212883 * bsc#1212888 * bsc#1213273

Summary

## This update for tiff fixes the following issues: * CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589). * CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590). * CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273). * CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574). * CVE-2023-26966: Fixed an out of bounds read when transforming a little- endian file to a big-endian output (bsc#1212881) * CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274). * CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888). * CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535).

Topics%20covered

Topics Covered

security advisory moderate software patch memory leak SUSE tiff

References

* bsc#1212535

* bsc#1212881

* bsc#1212883

* bsc#1212888

* bsc#1213273

* bsc#1213274

* bsc#1213589

* bsc#1213590

* bsc#1214574

Cross-

* CVE-2020-18768

* CVE-2023-25433

* CVE-2023-26966

* CVE-2023-2908

* CVE-2023-3316

* CVE-2023-3576

* CVE-2023-3618

* CVE-2023-38288

* CVE-2023-38289

CVSS scores:

* CVE-2020-18768 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2020-18768 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-25433 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-26966 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

* CVE-2023-26966 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-2908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Announcement ID: SUSE-SU-2023:4370-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate software patch memory leak SUSE tiff

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here