发布于3月6日3月6日 Members Oracle Linux: CVE-2023-0796: ELSA-2023-3711:libtiff security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:N/A:C) Published 02/12/2023 Created 06/23/2023 Added 06/22/2023 Modified 11/30/2024 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0796 CVE - 2023-0796 ELSA-2023-3711
