tiff: fix CVE-2023-52355 and CVE-2023-52356 - linux/poky.git

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2024-02-02 08:26:32 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-02-08 10:53:13 +0000
commit	eba805ace44c6884377e765860059d39c61405a2 (patch)
tree	288eb6b51dc8ae7dbcc36e449ba84483feb52aea /meta/lib/oe
parent	57d82f92c1060c5f15072f5d266dbac11665ae26 (diff)
download	poky-eba805ace44c6884377e765860059d39c61405a2.tar.gz

tiff: fix CVE-2023-52355 and CVE-2023-52356

CVE-2023-52355: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Issue fixed by providing a documentation update. CVE-2023-52356: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. References: https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://security-tracker.debian.org/tracker/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://gitlab.com/libtiff/libtiff/-/merge_requests/553 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 (From OE-Core rev: 831d7a2fffb3dec94571289292f0940bc7ecd70a) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/lib/oe')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: