ISHACK AI BOT

Amazon Linux AMI: CVE-2023-0803: Security patch for libtiff (ALAS-2023-1829) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/28/2023 Added 09/26/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) amazon-linux-upgrade-libtiff References ALAS-2023-1829 CVE-2023-0803

Amazon Linux AMI: CVE-2023-0804: Security patch for libtiff (ALAS-2023-1829) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/28/2023 Added 09/26/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) amazon-linux-upgrade-libtiff References ALAS-2023-1829 CVE-2023-0804

Amazon Linux AMI: CVE-2023-0798: Security patch for libtiff (ALAS-2023-1830) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/28/2023 Added 09/26/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) amazon-linux-upgrade-libtiff References ALAS-2023-1830 CVE-2023-0798

Amazon Linux AMI: CVE-2023-0795: Security patch for libtiff (ALAS-2023-1830) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/28/2023 Added 09/26/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) amazon-linux-upgrade-libtiff References ALAS-2023-1830 CVE-2023-0795

Ubuntu: USN-5923-1 (CVE-2023-0795): LibTIFF vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 References https://attackerkb.com/topics/cve-2023-0795 CVE - 2023-0795 DSA-5361 USN-5923-1

Ubuntu: USN-5923-1 (CVE-2023-0804): LibTIFF vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 References https://attackerkb.com/topics/cve-2023-0804 CVE - 2023-0804 DSA-5361 USN-5923-1

Ubuntu: USN-5923-1 (CVE-2023-0796): LibTIFF vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 References https://attackerkb.com/topics/cve-2023-0796 CVE - 2023-0796 DSA-5361 USN-5923-1

Ubuntu: USN-5923-1 (CVE-2023-0797): LibTIFF vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 References https://attackerkb.com/topics/cve-2023-0797 CVE - 2023-0797 DSA-5361 USN-5923-1

Ubuntu: USN-5923-1 (CVE-2023-0798): LibTIFF vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 References https://attackerkb.com/topics/cve-2023-0798 CVE - 2023-0798 DSA-5361 USN-5923-1

Ubuntu: USN-5923-1 (CVE-2023-0799): LibTIFF vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 References https://attackerkb.com/topics/cve-2023-0799 CVE - 2023-0799 DSA-5361 USN-5923-1

Ubuntu: USN-5923-1 (CVE-2023-0800): LibTIFF vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 References https://attackerkb.com/topics/cve-2023-0800 CVE - 2023-0800 DSA-5361 USN-5923-1

Ubuntu: USN-5923-1 (CVE-2023-0802): LibTIFF vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 References https://attackerkb.com/topics/cve-2023-0802 CVE - 2023-0802 DSA-5361 USN-5923-1

Ubuntu: USN-5923-1 (CVE-2023-0801): LibTIFF vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 References https://attackerkb.com/topics/cve-2023-0801 CVE - 2023-0801 DSA-5361 USN-5923-1

Ubuntu: USN-5923-1 (CVE-2023-0803): LibTIFF vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 References https://attackerkb.com/topics/cve-2023-0803 CVE - 2023-0803 DSA-5361 USN-5923-1

SUSE: CVE-2023-0795: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) suse-upgrade-libtiff-devel suse-upgrade-libtiff-devel-32bit suse-upgrade-libtiff5 suse-upgrade-libtiff5-32bit suse-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0795 CVE - 2023-0795 DSA-5361

Huawei EulerOS: CVE-2023-0798: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp9-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0798 CVE - 2023-0798 EulerOS-SA-2023-1874

Alpine Linux: CVE-2023-0802: Out-of-bounds Write Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) alpine-linux-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0802 CVE - 2023-0802 https://security.alpinelinux.org/vuln/CVE-2023-0802

SUSE: CVE-2023-0798: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) suse-upgrade-libtiff-devel suse-upgrade-libtiff-devel-32bit suse-upgrade-libtiff5 suse-upgrade-libtiff5-32bit suse-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0798 CVE - 2023-0798 DSA-5361

SUSE: CVE-2023-0801: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) suse-upgrade-libtiff-devel suse-upgrade-libtiff-devel-32bit suse-upgrade-libtiff5 suse-upgrade-libtiff5-32bit suse-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0801 CVE - 2023-0801 DSA-5361

SUSE: CVE-2023-25563: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a singe input buffer of 4GB in length this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads. Solution(s) suse-upgrade-gssntlmssp suse-upgrade-gssntlmssp-devel References https://attackerkb.com/topics/cve-2023-25563 CVE - 2023-25563

SUSE: CVE-2023-25577: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 03/30/2023 Added 03/30/2023 Modified 01/28/2025 Description Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue. Solution(s) suse-upgrade-python-werkzeug suse-upgrade-python-werkzeug-doc suse-upgrade-python3-werkzeug References https://attackerkb.com/topics/cve-2023-25577 CVE - 2023-25577

SUSE: CVE-2023-0179: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-0179 CVE - 2023-0179

SUSE: CVE-2023-23518: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/13/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) suse-upgrade-libjavascriptcoregtk-4_0-18 suse-upgrade-libjavascriptcoregtk-4_0-18-32bit suse-upgrade-libjavascriptcoregtk-4_1-0 suse-upgrade-libjavascriptcoregtk-4_1-0-32bit suse-upgrade-libjavascriptcoregtk-5_0-0 suse-upgrade-libwebkit2gtk-4_0-37 suse-upgrade-libwebkit2gtk-4_0-37-32bit suse-upgrade-libwebkit2gtk-4_1-0 suse-upgrade-libwebkit2gtk-4_1-0-32bit suse-upgrade-libwebkit2gtk-5_0-0 suse-upgrade-libwebkit2gtk3-lang suse-upgrade-typelib-1_0-javascriptcore-4_0 suse-upgrade-typelib-1_0-javascriptcore-4_1 suse-upgrade-typelib-1_0-javascriptcore-5_0 suse-upgrade-typelib-1_0-webkit2-4_0 suse-upgrade-typelib-1_0-webkit2-4_1 suse-upgrade-typelib-1_0-webkit2-5_0 suse-upgrade-typelib-1_0-webkit2webextension-4_0 suse-upgrade-typelib-1_0-webkit2webextension-4_1 suse-upgrade-typelib-1_0-webkit2webextension-5_0 suse-upgrade-webkit-jsc-4 suse-upgrade-webkit-jsc-4-1 suse-upgrade-webkit-jsc-5-0 suse-upgrade-webkit2gtk-4-0-lang suse-upgrade-webkit2gtk-4-1-lang suse-upgrade-webkit2gtk-4_0-injected-bundles suse-upgrade-webkit2gtk-4_1-injected-bundles suse-upgrade-webkit2gtk-5-0-lang suse-upgrade-webkit2gtk-5_0-injected-bundles suse-upgrade-webkit2gtk3-devel suse-upgrade-webkit2gtk3-minibrowser suse-upgrade-webkit2gtk3-soup2-devel suse-upgrade-webkit2gtk3-soup2-minibrowser suse-upgrade-webkit2gtk4-devel suse-upgrade-webkit2gtk4-minibrowser References https://attackerkb.com/topics/cve-2023-23518 CVE - 2023-23518

SUSE: CVE-2023-0797: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) suse-upgrade-libtiff-devel suse-upgrade-libtiff-devel-32bit suse-upgrade-libtiff5 suse-upgrade-libtiff5-32bit suse-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0797 CVE - 2023-0797 DSA-5361

SUSE: CVE-2023-0799: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) suse-upgrade-libtiff-devel suse-upgrade-libtiff-devel-32bit suse-upgrade-libtiff5 suse-upgrade-libtiff5-32bit suse-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0799 CVE - 2023-0799 DSA-5361