tiff: fix CVE-2023-52355 and CVE-2023-52356 - openembedded-core

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2024-02-02 08:26:32 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-02-08 10:53:03 +0000
commit	831d7a2fffb3dec94571289292f0940bc7ecd70a (patch)
tree	9741cf72a29eb0be2a0940827ff7673e2462a630 /.templateconf
parent	e6a8ca554509c0edf9fd36ced88165dc3caf0e87 (diff)
download	openembedded-core-831d7a2fffb3dec94571289292f0940bc7ecd70a.tar.gz

tiff: fix CVE-2023-52355 and CVE-2023-52356

CVE-2023-52355: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Issue fixed by providing a documentation update. CVE-2023-52356: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. References: https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://security-tracker.debian.org/tracker/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://gitlab.com/libtiff/libtiff/-/merge_requests/553 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to '.templateconf')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: