SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-973

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-973

Security update for tiff

Type: security

Severity: moderate

Issued: 2024-03-22

Description:

This update for tiff fixes the following issues:

- CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686).
- CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590).
- CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687).

References

CVE: CVE-2023-41175
CVE: CVE-2023-40745
CVE: CVE-2023-38288
Bugzilla: 1221187 CVE-L3: [EAR - NOT FOR USA Citizens] PTF request for tiff and CVE-2023-40745, CVE-2023-41175 for SLES 11 SP3 Extended Reactive LTSS - DT
Bugzilla: 1214687 VUL-0: CVE-2023-40745: tiff: integer overflow in tiffcp.c
Bugzilla: 1214686 VUL-0: CVE-2023-41175: tiff: potential integer overflow in raw2tiff.c
Bugzilla: 1213590 VUL-0: CVE-2023-38288: tiff: potential integer overflow in raw2tiff.c

Packages

tiff-4.0.9-150000.45.41.1