git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

tiff: fix CVE-2023-52355 and CVE-2023-52356

CVE-2023-52355:
An out-of-memory flaw was found in libtiff that could be
triggered by passing a crafted tiff file to the
TIFFRasterScanlineSize64() API. This flaw allows a remote
attacker to cause a denial of service via a crafted input
with a size smaller than 379 KB.
Issue fixed by providing a documentation update.

CVE-2023-52356:
A segment fault (SEGV) flaw was found in libtiff that could
be triggered by passing a crafted tiff file to the
TIFFReadRGBATileExt() API. This flaw allows a remote attacker
to cause a heap-buffer overflow, leading to a denial of service.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52355
https://security-tracker.debian.org/tracker/CVE-2023-52355
https://gitlab.com/libtiff/libtiff/-/issues/621
https://gitlab.com/libtiff/libtiff/-/merge_requests/553
https://nvd.nist.gov/vuln/detail/CVE-2023-52356
https://gitlab.com/libtiff/libtiff/-/issues/622
https://gitlab.com/libtiff/libtiff/-/merge_requests/546

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

author	Yogita Urade <yogita.urade@windriver.com>
	Fri, 2 Feb 2024 08:26:32 +0000 (08:26 +0000)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Thu, 8 Feb 2024 10:53:03 +0000 (10:53 +0000)
commit	831d7a2fffb3dec94571289292f0940bc7ecd70a
tree	9741cf72a29eb0be2a0940827ff7673e2462a630	tree \| snapshot
parent	e6a8ca554509c0edf9fd36ced88165dc3caf0e87	commit \| diff

meta/recipes-multimedia/libtiff/tiff/CVE-2023-52355-0001.patch	[new file with mode: 0644]	blob
meta/recipes-multimedia/libtiff/tiff/CVE-2023-52355-0002.patch	[new file with mode: 0644]	blob
meta/recipes-multimedia/libtiff/tiff/CVE-2023-52356.patch	[new file with mode: 0644]	blob
meta/recipes-multimedia/libtiff/tiff_4.6.0.bb		diff \| blob \| blame \| history