{"id":"MGASA-2023-0080","summary":"Updated libtiff packages fix security vulnerability","details":"Out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing\nattackers to cause a denial-of-service via a crafted tiff file.\n(CVE-2023-0795)\n\nOut-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing\nattackers to cause a denial-of-service via a crafted tiff file.\n(CVE-2023-0796)\n\nOut-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by\ntools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to\ncause a denial-of-service via a crafted tiff file. (CVE-2023-0797)\n\nOut-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing\nattackers to cause a denial-of-service via a crafted tiff file.\n(CVE-2023-0798)\n\nOut-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing\nattackers to cause a denial-of-service via a crafted tiff file\n(CVE-2023-0799)\n\nOut-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing\nattackers to cause a denial-of-service via a crafted tiff file.\n(CVE-2023-0800)\n\nOut-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by\ntools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to\ncause a denial-of-service via a crafted tiff file. (CVE-2023-0801)\n\nOut-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing\nattackers to cause a denial-of-service via a crafted tiff file.\n(CVE-2023-0802)\n\nOut-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing\nattackers to cause a denial-of-service via a crafted tiff file.\n(CVE-2023-0803)\n\nOut-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing\nattackers to cause a denial-of-service via a crafted tiff file.\n(CVE-2023-0804)\n","modified":"2026-04-16T00:12:26.310925077Z","published":"2023-03-01T21:14:31Z","upstream":["CVE-2023-0795","CVE-2023-0796","CVE-2023-0797","CVE-2023-0798","CVE-2023-0799","CVE-2023-0800","CVE-2023-0801","CVE-2023-0802","CVE-2023-0803","CVE-2023-0804"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0080.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31585"},{"type":"WEB","url":"https://www.debian.org/lts/security/2023/dla-3333"}],"affected":[{"package":{"name":"libtiff","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libtiff?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.0-1.14.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0080.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}