Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Ubuntu 23.04 LTS: USN-6428-1 Critical Denial of Service in LibTIFF

LibTIFF could be made to crash if it opened a specially crafted file.

==========================================================================
Ubuntu Security Notice USN-6428-1
October 11, 2023

tiff vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

LibTIFF could be made to crash if it opened a specially crafted file.

Software Description:
- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
  libtiff-tools 4.5.0-5ubuntu1.2
  libtiff6 4.5.0-5ubuntu1.2

Ubuntu 22.04 LTS:
  libtiff-tools 4.3.0-6ubuntu0.6
  libtiff5 4.3.0-6ubuntu0.6

Ubuntu 20.04 LTS:
  libtiff-tools 4.1.0+git191117-2ubuntu0.20.04.10
  libtiff5 4.1.0+git191117-2ubuntu0.20.04.10

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libtiff-tools 4.0.9-5ubuntu0.10+esm3
  libtiff5 4.0.9-5ubuntu0.10+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libtiff-tools 4.0.6-1ubuntu0.8+esm13
  libtiff5 4.0.6-1ubuntu0.8+esm13

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  libtiff-tools 4.0.3-7ubuntu0.11+esm10
  libtiff5 4.0.3-7ubuntu0.11+esm10

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6428-1
  CVE-2023-1916

Package Information:
  https://launchpad.net/ubuntu/+source/tiff/4.5.0-5ubuntu1.2
  https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.6
  https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.10

If an improperly structured image file is accessed, LibTIFF on Ubuntu may lead to a crash. To enhance security and address this vulnerability, updates are now available to rectify the problem.

Tags: LibTIFF Security, Denial of Service Update, Ubuntu Security Notice, tiffcrop Exploit

Severity: Critical
LinuxSecurity.com Team

Oct 11, 2023 Critical Ubuntu

Debian 11 Bullseye: DSA-5361-1 Moderate: tiff Denial of Service

Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.

-------------------------------------------------------------------------
Debian Security Advisory DSA-5361-1
https://www.debian.org/security/                                  Aron Xu
February 24, 2023                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798
                 CVE-2023-0799 CVE-2023-0800 CVE-2023-0801 CVE-2023-0802
                 CVE-2023-0803 CVE-2023-0804
Debian Bug     : 1031632

Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.

For the stable distribution (bullseye), this problem has been fixed in version 4.2.0-1+deb11u4.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/tiff

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://www.debian.org/security/

Ensure your TIFF packages are updated in Debian to mitigate denial of service vulnerabilities identified in tiffutil.

Tags: Debian Security Advisory, tiff software update, denial of service, TIFF flaws, tiffcrop security fixes

Severity: Important
LinuxSecurity.com Team

Feb 24, 2023 Important Debian

Mageia: 2022-0337 Moderate: tiffcrop Out Of Bounds Exploit

libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. (CVE-2022-2867)

MGASA-2022-0337 - Updated libtiff packages fix security vulnerability

Publication date: 16 Sep 2022
URL: https://advisories.mageia.org/MGASA-2022-0337.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-2867, CVE-2022-2868, CVE-2022-2869

libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. (CVE-2022-2867)

libtiff's tiffcrop utility has an improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. (CVE-2022-2868)

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. (CVE-2022-2869)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30836
- https://www.cve.org/CVERecord?id=CVE-2022-2867
- https://www.cve.org/CVERecord?id=CVE-2022-2868
- https://www.cve.org/CVERecord?id=CVE-2022-2869

SRPMS:
- 8/core/libtiff-4.2.0-1.8.mga8

Mageia patches libjpeg to address severe vulnerability permitting possible crashes and security breaches. More information can be found in the advisory.

Tags: libtiff security, tiffcrop update, Mageia advisory, out of bounds error, software exploit

LinuxSecurity.com Team

Sep 16, 2022 Mageia