RLSA-2022:7585 --- libtiffID: oval:org.secpod.oval:def:4501052 | Date: (C)2023-04-03 (M)2023-12-26 |
Class: PATCH | Family: unix |
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * libtiff: Denial of Service via crafted TIFF file * libtiff: Null source pointer lead to Denial of Service via crafted TIFF file * libtiff: reachable assertion * libtiff: Out-of-bounds Read error in tiffcp * libtiff: stack-buffer-overflow in tiffcp.c in main * libtiff: out-of-bounds read in _TIFFmemcpy in tif_unix.c * libtiff: heap buffer overflow in extractImageSection * tiff: Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag in tif_dirread.c * tiff: Divide By Zero error in tiffcrop For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.