[Buildroot] [PATCH] package/tiff: security bump to version 4.5.1
Peter Korsgaard
peter at korsgaard.com
Mon Jun 26 05:50:08 UTC 2023
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> Hi Peter,
> On Sun, Jun 25 2023, Peter Korsgaard wrote:
>> Fixes the following security issues:
>>
>> - CVE-2023-1916: A flaw was found in tiffcrop, a program distributed by the
>> libtiff package. A specially crafted tiff file can lead to an
>> out-of-bounds read in the extractImageSection function in
>> tools/tiffcrop.c, resulting in a denial of service and limited information
>> disclosure. This issue affects libtiff versions 4.x.
>>
>> - CVE-2023-25434: libtiff 4.5.0 is vulnerable to Buffer Overflow via
>> extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.
>>
>> - CVE-2023-26965: loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0
>> has a heap-based use after free via a crafted TIFF image.
>>
>> Drop the now upstream
>> 0001-tiffcrop-Correct-simple-copy-paste-error-Fix-488.patch.
> Should be removed from .checkpackageignore as well.
Ahh yes, thanks for reminding me.
--
Bye, Peter Korsgaard