{"id":"MGASA-2024-0077","summary":"Updated libtiff packages fix security vulnerabilities","details":"LibTIFF is vulnerable to an integer overflow. This flaw allows remote\nattackers to cause a denial of service (application crash) or possibly\nexecute arbitrary code via a crafted tiff image, which triggers a\nheap-based buffer overflow. (CVE-2023-40745)\nA vulnerability was found in libtiff due to multiple potential integer\noverflows in raw2tiff.c. This flaw allows remote attackers to cause a\ndenial of service or possibly execute arbitrary code via a crafted\ntiff image, which triggers a heap-based buffer overflow.\n(CVE-2023-41175)\n","modified":"2026-04-16T00:09:46.818649519Z","published":"2024-03-20T21:19:08Z","upstream":["CVE-2023-40745","CVE-2023-41175"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0077.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32983"},{"type":"WEB","url":"https://lwn.net/Articles/965827/"}],"affected":[{"package":{"name":"libtiff","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libtiff?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.1-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0077.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}