ISHACK AI BOT

Huawei EulerOS: CVE-2023-0795: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp8-upgrade-libtiff huawei-euleros-2_0_sp8-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0795 CVE - 2023-0795 EulerOS-SA-2023-1599

Huawei EulerOS: CVE-2023-0804: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp8-upgrade-libtiff huawei-euleros-2_0_sp8-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0804 CVE - 2023-0804 EulerOS-SA-2023-1599

Alma Linux: CVE-2023-0802: Moderate: libtiff security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) alma-upgrade-libtiff alma-upgrade-libtiff-devel alma-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0802 CVE - 2023-0802 https://errata.almalinux.org/8/ALSA-2023-5353.html https://errata.almalinux.org/9/ALSA-2023-3711.html

Alma Linux: CVE-2023-0803: Moderate: libtiff security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) alma-upgrade-libtiff alma-upgrade-libtiff-devel alma-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0803 CVE - 2023-0803 https://errata.almalinux.org/8/ALSA-2023-5353.html https://errata.almalinux.org/9/ALSA-2023-3711.html

Alma Linux: CVE-2023-0804: Moderate: libtiff security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) alma-upgrade-libtiff alma-upgrade-libtiff-devel alma-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0804 CVE - 2023-0804 https://errata.almalinux.org/8/ALSA-2023-5353.html https://errata.almalinux.org/9/ALSA-2023-3711.html

Huawei EulerOS: CVE-2023-0797: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp8-upgrade-libtiff huawei-euleros-2_0_sp8-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0797 CVE - 2023-0797 EulerOS-SA-2023-1599

Huawei EulerOS: CVE-2023-0796: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp8-upgrade-libtiff huawei-euleros-2_0_sp8-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0796 CVE - 2023-0796 EulerOS-SA-2023-1599

Alma Linux: CVE-2023-0801: Moderate: libtiff security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) alma-upgrade-libtiff alma-upgrade-libtiff-devel alma-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0801 CVE - 2023-0801 https://errata.almalinux.org/8/ALSA-2023-5353.html https://errata.almalinux.org/9/ALSA-2023-3711.html

Huawei EulerOS: CVE-2023-0799: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp8-upgrade-libtiff huawei-euleros-2_0_sp8-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0799 CVE - 2023-0799 EulerOS-SA-2023-1599

Huawei EulerOS: CVE-2023-0798: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) huawei-euleros-2_0_sp8-upgrade-libtiff huawei-euleros-2_0_sp8-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0798 CVE - 2023-0798 EulerOS-SA-2023-1599

Amazon Linux AMI 2: CVE-2023-0795: Security patch for libtiff (ALAS-2023-2236) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) amazon-linux-ami-2-upgrade-libtiff amazon-linux-ami-2-upgrade-libtiff-debuginfo amazon-linux-ami-2-upgrade-libtiff-devel amazon-linux-ami-2-upgrade-libtiff-static amazon-linux-ami-2-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0795 AL2/ALAS-2023-2236 CVE - 2023-0795

Amazon Linux AMI 2: CVE-2023-0797: Security patch for libtiff (ALAS-2023-2236) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) amazon-linux-ami-2-upgrade-libtiff amazon-linux-ami-2-upgrade-libtiff-debuginfo amazon-linux-ami-2-upgrade-libtiff-devel amazon-linux-ami-2-upgrade-libtiff-static amazon-linux-ami-2-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0797 AL2/ALAS-2023-2236 CVE - 2023-0797

Amazon Linux AMI 2: CVE-2023-0801: Security patch for compat-libtiff3 (ALAS-2023-2235) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) amazon-linux-ami-2-upgrade-compat-libtiff3 amazon-linux-ami-2-upgrade-compat-libtiff3-debuginfo References https://attackerkb.com/topics/cve-2023-0801 AL2/ALAS-2023-2235 CVE - 2023-0801

Amazon Linux AMI 2: CVE-2023-0798: Security patch for libtiff (ALAS-2023-2236) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) amazon-linux-ami-2-upgrade-libtiff amazon-linux-ami-2-upgrade-libtiff-debuginfo amazon-linux-ami-2-upgrade-libtiff-devel amazon-linux-ami-2-upgrade-libtiff-static amazon-linux-ami-2-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0798 AL2/ALAS-2023-2236 CVE - 2023-0798

FreeBSD: VID-3ECCC968-AB17-11ED-BD9E-589CFC0F81B0: phpmyfaq -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/12/2023 Created 02/17/2023 Added 02/14/2023 Modified 02/14/2023 Description phpmyfaq developers report: a bypass to flood admin with FAQ proposals stored XSS in questions stored HTML injections weak passwords Solution(s) freebsd-upgrade-package-phpmyfaq

Oracle Linux: CVE-2023-0799: ELSA-2023-3711:libtiff security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 02/12/2023 Created 06/23/2023 Added 06/22/2023 Modified 11/30/2024 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0799 CVE - 2023-0799 ELSA-2023-3711

Huawei EulerOS: CVE-2023-0800: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp8-upgrade-libtiff huawei-euleros-2_0_sp8-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0800 CVE - 2023-0800 EulerOS-SA-2023-1599

Oracle Linux: CVE-2023-0795: ELSA-2023-3711:libtiff security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:N/A:C) Published 02/12/2023 Created 06/23/2023 Added 06/22/2023 Modified 11/30/2024 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0795 CVE - 2023-0795 ELSA-2023-3711

Amazon Linux 2023: CVE-2023-0803: Important priority package update for libtiff Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. Solution(s) amazon-linux-2023-upgrade-libtiff amazon-linux-2023-upgrade-libtiff-debuginfo amazon-linux-2023-upgrade-libtiff-debugsource amazon-linux-2023-upgrade-libtiff-devel amazon-linux-2023-upgrade-libtiff-static amazon-linux-2023-upgrade-libtiff-tools amazon-linux-2023-upgrade-libtiff-tools-debuginfo References https://attackerkb.com/topics/cve-2023-0803 CVE - 2023-0803 https://alas.aws.amazon.com/AL2023/ALAS-2023-255.html

Amazon Linux 2023: CVE-2023-0804: Medium priority package update for libtiff Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. Solution(s) amazon-linux-2023-upgrade-libtiff amazon-linux-2023-upgrade-libtiff-debuginfo amazon-linux-2023-upgrade-libtiff-debugsource amazon-linux-2023-upgrade-libtiff-devel amazon-linux-2023-upgrade-libtiff-static amazon-linux-2023-upgrade-libtiff-tools amazon-linux-2023-upgrade-libtiff-tools-debuginfo References https://attackerkb.com/topics/cve-2023-0804 CVE - 2023-0804 https://alas.aws.amazon.com/AL2023/ALAS-2023-230.html

Oracle Linux: CVE-2023-0802: ELSA-2023-3711:libtiff security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/12/2023 Created 06/23/2023 Added 06/22/2023 Modified 12/06/2024 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0802 CVE - 2023-0802 ELSA-2023-3711 ELSA-2023-5353

Oracle Linux: CVE-2023-0798: ELSA-2023-3711:libtiff security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:N/A:C) Published 02/12/2023 Created 06/23/2023 Added 06/22/2023 Modified 11/30/2024 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0798 CVE - 2023-0798 ELSA-2023-3711

Oracle Linux: CVE-2023-0797: ELSA-2023-3711:libtiff security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:N/A:C) Published 02/12/2023 Created 06/23/2023 Added 06/22/2023 Modified 11/30/2024 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0797 CVE - 2023-0797 ELSA-2023-3711

Amazon Linux 2023: CVE-2023-0800: Medium priority package update for libtiff Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. Solution(s) amazon-linux-2023-upgrade-libtiff amazon-linux-2023-upgrade-libtiff-debuginfo amazon-linux-2023-upgrade-libtiff-debugsource amazon-linux-2023-upgrade-libtiff-devel amazon-linux-2023-upgrade-libtiff-static amazon-linux-2023-upgrade-libtiff-tools amazon-linux-2023-upgrade-libtiff-tools-debuginfo References https://attackerkb.com/topics/cve-2023-0800 CVE - 2023-0800 https://alas.aws.amazon.com/AL2023/ALAS-2023-230.html

Amazon Linux 2023: CVE-2023-0802: Important priority package update for libtiff Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. Solution(s) amazon-linux-2023-upgrade-libtiff amazon-linux-2023-upgrade-libtiff-debuginfo amazon-linux-2023-upgrade-libtiff-debugsource amazon-linux-2023-upgrade-libtiff-devel amazon-linux-2023-upgrade-libtiff-static amazon-linux-2023-upgrade-libtiff-tools amazon-linux-2023-upgrade-libtiff-tools-debuginfo References https://attackerkb.com/topics/cve-2023-0802 CVE - 2023-0802 https://alas.aws.amazon.com/AL2023/ALAS-2023-255.html