tiff: fix CVE-2023-52355 and CVE-2023-52356 - linux/poky.git

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2024-02-02 08:26:32 +0000
committer	Steve Sakoman <steve@sakoman.com>	2024-02-22 04:34:14 -1000
commit	4b37e67fbc106ee724e8dc94836c19bd65589ffa (patch)
tree	f6687e1e7d9c44deb35280f8eb7d742b5d1f24bd /documentation/conf.py
parent	0cc056f177f948548a8c80bac6ecc7e365297d44 (diff)
download	poky-4b37e67fbc106ee724e8dc94836c19bd65589ffa.tar.gz

tiff: fix CVE-2023-52355 and CVE-2023-52356

CVE-2023-52355: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Issue fixed by providing a documentation update. CVE-2023-52356: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. References: https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://security-tracker.debian.org/tracker/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://gitlab.com/libtiff/libtiff/-/merge_requests/553 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 (From OE-Core rev: 71348662169be9737b10fbd305646df9295a07f6) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 831d7a2fffb3dec94571289292f0940bc7ecd70a) Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'documentation/conf.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: