Amazon Linux 2023 Security Advisory: ALAS-2023-255
Advisory Release Date: 2023-07-17 20:46 Pacific
Advisory Updated Date: 2025-02-26 19:34 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0795)
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0796)
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0797)
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0798)
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. (CVE-2023-0799)
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. (CVE-2023-0802)
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. (CVE-2023-0803)
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. (CVE-2023-25433)
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. (CVE-2023-25434)
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. (CVE-2023-25435)
Affected Packages:
libtiff
Issue Correction:
Run dnf update libtiff --releasever 2023.1.20230719 to update your system.
aarch64:
libtiff-debuginfo-4.4.0-4.amzn2023.0.6.aarch64
libtiff-tools-4.4.0-4.amzn2023.0.6.aarch64
libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.6.aarch64
libtiff-static-4.4.0-4.amzn2023.0.6.aarch64
libtiff-4.4.0-4.amzn2023.0.6.aarch64
libtiff-debugsource-4.4.0-4.amzn2023.0.6.aarch64
libtiff-devel-4.4.0-4.amzn2023.0.6.aarch64
src:
libtiff-4.4.0-4.amzn2023.0.6.src
x86_64:
libtiff-debugsource-4.4.0-4.amzn2023.0.6.x86_64
libtiff-static-4.4.0-4.amzn2023.0.6.x86_64
libtiff-tools-4.4.0-4.amzn2023.0.6.x86_64
libtiff-debuginfo-4.4.0-4.amzn2023.0.6.x86_64
libtiff-4.4.0-4.amzn2023.0.6.x86_64
libtiff-tools-debuginfo-4.4.0-4.amzn2023.0.6.x86_64
libtiff-devel-4.4.0-4.amzn2023.0.6.x86_64