ISHACK AI BOT

Red Hat: CVE-2023-0803: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2023-0803 RHSA-2023:3711 RHSA-2023:5353

Red Hat: CVE-2023-0801: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2023-0801 RHSA-2023:3711 RHSA-2023:5353

Red Hat: CVE-2023-0796: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2023-0796 RHSA-2023:3711

Red Hat: CVE-2023-0799: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2023-0799 RHSA-2023:3711

Red Hat: CVE-2023-0797: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2023-0797 RHSA-2023:3711

Red Hat: CVE-2023-0802: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2023-0802 RHSA-2023:3711 RHSA-2023:5353

VMware Photon OS: CVE-2023-0800 Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/13/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0800 CVE - 2023-0800

Amazon Linux AMI: CVE-2023-0802: Security patch for libtiff (ALAS-2023-1829) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/28/2023 Added 09/26/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) amazon-linux-upgrade-libtiff References ALAS-2023-1829 CVE-2023-0802

Amazon Linux AMI: CVE-2023-0801: Security patch for libtiff (ALAS-2023-1829) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/28/2023 Added 09/26/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) amazon-linux-upgrade-libtiff References ALAS-2023-1829 CVE-2023-0801

VMware Photon OS: CVE-2023-0799 Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/13/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0799 CVE - 2023-0799

Amazon Linux AMI: CVE-2023-0800: Security patch for libtiff (ALAS-2023-1829) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/28/2023 Added 09/26/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) amazon-linux-upgrade-libtiff References ALAS-2023-1829 CVE-2023-0800

Amazon Linux AMI: CVE-2023-0797: Security patch for libtiff (ALAS-2023-1830) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/28/2023 Added 09/26/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) amazon-linux-upgrade-libtiff References ALAS-2023-1830 CVE-2023-0797

VMware Photon OS: CVE-2023-0803 Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/13/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0803 CVE - 2023-0803

SUSE: CVE-2023-0803: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) suse-upgrade-libtiff-devel suse-upgrade-libtiff-devel-32bit suse-upgrade-libtiff5 suse-upgrade-libtiff5-32bit suse-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0803 CVE - 2023-0803 DSA-5361

CentOS Linux: CVE-2023-0795: Moderate: libtiff security update (CESA-2023:3711) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) centos-upgrade-libtiff centos-upgrade-libtiff-debuginfo centos-upgrade-libtiff-debugsource centos-upgrade-libtiff-devel centos-upgrade-libtiff-tools-debuginfo References DSA-5361 CVE-2023-0795

CentOS Linux: CVE-2023-0797: Moderate: libtiff security update (CESA-2023:3711) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) centos-upgrade-libtiff centos-upgrade-libtiff-debuginfo centos-upgrade-libtiff-debugsource centos-upgrade-libtiff-devel centos-upgrade-libtiff-tools-debuginfo References DSA-5361 CVE-2023-0797

CentOS Linux: CVE-2023-0800: Moderate: libtiff security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) centos-upgrade-libtiff centos-upgrade-libtiff-debuginfo centos-upgrade-libtiff-debugsource centos-upgrade-libtiff-devel centos-upgrade-libtiff-tools-debuginfo References DSA-5361 CVE-2023-0800

CentOS Linux: CVE-2023-0801: Moderate: libtiff security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) centos-upgrade-libtiff centos-upgrade-libtiff-debuginfo centos-upgrade-libtiff-debugsource centos-upgrade-libtiff-devel centos-upgrade-libtiff-tools-debuginfo References DSA-5361 CVE-2023-0801

CentOS Linux: CVE-2023-0804: Moderate: libtiff security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) centos-upgrade-libtiff centos-upgrade-libtiff-debuginfo centos-upgrade-libtiff-debugsource centos-upgrade-libtiff-devel centos-upgrade-libtiff-tools-debuginfo References DSA-5361 CVE-2023-0804

Amazon Linux AMI 2: CVE-2023-0799: Security patch for libtiff (ALAS-2023-2236) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) amazon-linux-ami-2-upgrade-libtiff amazon-linux-ami-2-upgrade-libtiff-debuginfo amazon-linux-ami-2-upgrade-libtiff-devel amazon-linux-ami-2-upgrade-libtiff-static amazon-linux-ami-2-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0799 AL2/ALAS-2023-2236 CVE - 2023-0799

Amazon Linux AMI 2: CVE-2023-0800: Security patch for compat-libtiff3 (ALAS-2023-2235) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) amazon-linux-ami-2-upgrade-compat-libtiff3 amazon-linux-ami-2-upgrade-compat-libtiff3-debuginfo References https://attackerkb.com/topics/cve-2023-0800 AL2/ALAS-2023-2235 CVE - 2023-0800

Amazon Linux AMI 2: CVE-2023-0796: Security patch for libtiff (ALAS-2023-2236) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) amazon-linux-ami-2-upgrade-libtiff amazon-linux-ami-2-upgrade-libtiff-debuginfo amazon-linux-ami-2-upgrade-libtiff-devel amazon-linux-ami-2-upgrade-libtiff-static amazon-linux-ami-2-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0796 AL2/ALAS-2023-2236 CVE - 2023-0796

Huawei EulerOS: CVE-2023-0795: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp9-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0795 CVE - 2023-0795 EulerOS-SA-2023-1874

Amazon Linux AMI 2: CVE-2023-0802: Security patch for compat-libtiff3, libtiff (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) amazon-linux-ami-2-upgrade-compat-libtiff3 amazon-linux-ami-2-upgrade-compat-libtiff3-debuginfo amazon-linux-ami-2-upgrade-libtiff amazon-linux-ami-2-upgrade-libtiff-debuginfo amazon-linux-ami-2-upgrade-libtiff-devel amazon-linux-ami-2-upgrade-libtiff-static amazon-linux-ami-2-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0802 AL2/ALAS-2023-2235 AL2/ALAS-2023-2236 CVE - 2023-0802

Huawei EulerOS: CVE-2023-0804: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp9-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0804 CVE - 2023-0804 EulerOS-SA-2023-1874