57921 – tiff: Multiple issues (5.2)

Bug 57921 - tiff: Multiple issues (5.2)

Summary: tiff: Multiple issues (5.2)

Status:	CLOSED FIXED

Alias:	None

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 5.2
Hardware:	All Linux

Importance:	P3 normal
Target Milestone:	UCS 5.2-0-errata
Assignee:	Quality Assurance
QA Contact:	Dirk Wiesenthal

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-01-30 16:50 CET by Quality Assurance
Modified:	2025-02-05 15:53 CET (History)
CC List:	0 users

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score:	7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Quality Assurance

2025-01-30 16:50:43 CET

New Debian tiff 4.5.0-6+deb12u2 fixes:
This update addresses the following issues:
* libtiff: null pointer dereference in tif_dir.c (CVE-2023-2908)
* libtiff: segmentation fault in Fax3Encode in libtiff/tif_fax3.c  (CVE-2023-3618)
* libtiff: Buffer Overflow via /libtiff/tools/tiffcrop.c (CVE-2023-25433)
* libtiff: heap-based use after free via a crafted TIFF image in loadImage()  in tiffcrop.c (CVE-2023-26965)
* libtiff: Buffer Overflow in uv_encode() (CVE-2023-26966)
* libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to  denial of service (CVE-2023-52356)
* libtiff: NULL pointer dereference in tif_dirinfo.c (CVE-2024-7006)

Comment 1 Quality Assurance

2025-01-30 17:00:25 CET

--- mirror/ftp/pool/main/t/tiff/tiff_4.5.0-6+deb12u1.dsc
+++ apt/ucs_5.2-0-errata5.2-0/source/tiff_4.5.0-6+deb12u2.dsc
@@ -1,3 +1,13 @@
+4.5.0-6+deb12u2 [Fri, 03 Jan 2025 14:39:11 +0100] Moritz Mühlenhoff <jmm@debian.org>:
+
+  * CVE-2023-2908
+  * CVE-2023-3618 (Closes: #1040945)
+  * CVE-2023-25433
+  * CVE-2023-26965
+  * CVE-2023-26966
+  * CVE-2023-52356 (Closes: #1061524)
+  * CVE-2024-7006 (Closes: #1078648)
+
 4.5.0-6+deb12u1 [Thu, 23 Nov 2023 16:06:18 +0800] Aron Xu <aron@debian.org>:
 
   * Non-maintainer upload by the Security Team.

<http://piuparts.knut.univention.de/5.2-0/#7280331731119715974>

Comment 2 Iván.Delgado

2025-02-03 12:45:27 CET

OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.2-0] a4c470086f Bug #57921: tiff 4.5.0-6+deb12u2
 doc/errata/staging/tiff.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

Comment 3 Iván.Delgado

2025-02-05 15:53:55 CET

<https://errata.software-univention.de/#/?erratum=5.2x20>