diff options
author | Yogita Urade <yogita.urade@windriver.com> | 2024-02-02 08:26:32 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-02-08 10:53:13 +0000 |
commit | eba805ace44c6884377e765860059d39c61405a2 (patch) | |
tree | 288eb6b51dc8ae7dbcc36e449ba84483feb52aea /meta/lib/oe | |
parent | 57d82f92c1060c5f15072f5d266dbac11665ae26 (diff) | |
download | poky-eba805ace44c6884377e765860059d39c61405a2.tar.gz |
tiff: fix CVE-2023-52355 and CVE-2023-52356
CVE-2023-52355:
An out-of-memory flaw was found in libtiff that could be
triggered by passing a crafted tiff file to the
TIFFRasterScanlineSize64() API. This flaw allows a remote
attacker to cause a denial of service via a crafted input
with a size smaller than 379 KB.
Issue fixed by providing a documentation update.
CVE-2023-52356:
A segment fault (SEGV) flaw was found in libtiff that could
be triggered by passing a crafted tiff file to the
TIFFReadRGBATileExt() API. This flaw allows a remote attacker
to cause a heap-buffer overflow, leading to a denial of service.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52355
https://security-tracker.debian.org/tracker/CVE-2023-52355
https://gitlab.com/libtiff/libtiff/-/issues/621
https://gitlab.com/libtiff/libtiff/-/merge_requests/553
https://nvd.nist.gov/vuln/detail/CVE-2023-52356
https://gitlab.com/libtiff/libtiff/-/issues/622
https://gitlab.com/libtiff/libtiff/-/merge_requests/546
(From OE-Core rev: 831d7a2fffb3dec94571289292f0940bc7ecd70a)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib/oe')
0 files changed, 0 insertions, 0 deletions