SB2023022727 - Multiple DoS vulnerabilities in LibTIFF

Description

This security bulletin contains information about 10 vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2023-0804)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and perform a denial of service (DoS) attack.

2) Out-of-bounds write (CVE-ID: CVE-2023-0803)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and perform a denial of service (DoS) attack.

3) Out-of-bounds read (CVE-ID: CVE-2023-0802)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

4) Out-of-bounds read (CVE-ID: CVE-2023-0801)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

5) Out-of-bounds read (CVE-ID: CVE-2023-0800)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

6) Out-of-bounds read (CVE-ID: CVE-2023-0799)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

7) Out-of-bounds read (CVE-ID: CVE-2023-0798)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

8) Out-of-bounds read (CVE-ID: CVE-2023-0797)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

9) Out-of-bounds read (CVE-ID: CVE-2023-0796)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

10) Out-of-bounds read (CVE-ID: CVE-2023-0795)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
• https://gitlab.com/libtiff/libtiff/-/issues/497
• https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json
• https://gitlab.com/libtiff/libtiff/-/issues/501
• https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json
• https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json
• https://gitlab.com/libtiff/libtiff/-/issues/500
• https://gitlab.com/libtiff/libtiff/-/issues/498
• https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json
• https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json
• https://gitlab.com/libtiff/libtiff/-/issues/496
• https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json
• https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
• https://gitlab.com/libtiff/libtiff/-/issues/494
• https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json
• https://gitlab.com/libtiff/libtiff/-/issues/492
• https://gitlab.com/libtiff/libtiff/-/issues/495
• https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json
• https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json
• https://gitlab.com/libtiff/libtiff/-/issues/499
• https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json
• https://gitlab.com/libtiff/libtiff/-/issues/493