{"id":"MGASA-2023-0255","summary":"Updated libtiff packages fix security vulnerability","details":"A null pointer dereference issue was found in Libtiff's tif_dir.c file.\nThis issue may allow an attacker to pass a crafted TIFF image file to the\ntiffcp utility which triggers a runtime error that causes undefined\nbehavior. This will result in an application crash, eventually leading to\na denial of service. (CVE-2023-2908)\n\nA NULL pointer dereference in TIFFClose() is caused by a failure to open\nan output file (non-existent path or a path that requires permissions like\n/dev/null) while specifying zones. (CVE-2023-3316)\n\nA vulnerability was found in SourceCodester Resort Management System 1.0.\nIt has been declared as problematic. Affected by this vulnerability is an\nunknown functionality. The manipulation of the argument page leads to\ncross site scripting. The attack can be launched remotely. The exploit has\nbeen disclosed to the public and may be used. (CVE-2023-3618)\n\nlibtiff 4.5.0 is vulnerable to Buffer Overflow in\n/libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after\nrotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.\n(CVE-2023-25433)\n\nloadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based\nuse after free via a crafted TIFF image. (CVE-2023-26965)\n\nlibtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff\nreads a corrupted little-endian TIFF file and specifies the output to be\nbig-endian. (CVE-2023-26966)\n","modified":"2026-02-04T03:21:53.305298Z","published":"2023-09-11T13:07:54Z","related":["CVE-2023-25433","CVE-2023-26965","CVE-2023-26966","CVE-2023-2908","CVE-2023-3316","CVE-2023-3618"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0255.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32117"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-6229-1"}],"affected":[{"package":{"name":"libtiff","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libtiff?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.1-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0255.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}