
SUSE: 2023:4371-1 Moderate: Multiple TIFF Issues Resolved

November 6, 2023
Crucial patch released for tiff on SUSE addresses multiple security flaws. Ensure your systems are current to avoid potential threats.

Summary

This update for tiff fixes the following issues:

* CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff (bsc#1213589).

* CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).

* CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).

* CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574).

* CVE-2023-26966: Fixed an out of bounds read when transforming a little-endian file to a big-endian output (bsc#1212881).

* CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3 files (bsc#1213274).

* CVE-2023-2908: Fixed an undefined behavior issue when doing pointer arithmetic on a NULL pointer (bsc#1212888).

* CVE-2023-3316: Fixed a NULL pointer dereference while opening a file in an inaccessible path (bsc#1212535).

References

* bsc#1212535

* bsc#1212881

* bsc#1212883

* bsc#1212888

* bsc#1213273

* bsc#1213274

* bsc#1213589

* bsc#1213590

* bsc#1214574

Cross-

* CVE-2020-18768

* CVE-2023-25433

* CVE-2023-26966

* CVE-2023-2908

* CVE-2023-3316

* CVE-2023-3576

* CVE-2023-3618

* CVE-2023-38288

* CVE-2023-38289

CVSS scores:

* CVE-2020-18768 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2020-18768 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-25433 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-26966 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

* CVE-2023-26966 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-2908 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Announcement ID: SUSE-SU-2023:4371-1
Rating: moderate
