File _patchinfo of Package patchinfo.31355
<patchinfo incident="31355">
<issue tracker="cve" id="2023-2908"/>
<issue tracker="cve" id="2020-18768"/>
<issue tracker="cve" id="2023-25433"/>
<issue tracker="cve" id="2023-26966"/>
<issue tracker="cve" id="2023-38288"/>
<issue tracker="cve" id="2023-3316"/>
<issue tracker="cve" id="2023-3576"/>
<issue tracker="cve" id="2023-38289"/>
<issue tracker="cve" id="2023-3618"/>
<issue tracker="bnc" id="1213589">VUL-0: CVE-2023-38289: tiff: integer overflow in tiffcp.c</issue>
<issue tracker="bnc" id="1214574">VUL-0: CVE-2020-18768: tiff: heap buffer overflow in _TIFFmemcpy in tif_unix.c</issue>
<issue tracker="bnc" id="1212888">VUL-0: CVE-2023-2908: tiff: null pointer dereference in tif_dir.c</issue>
<issue tracker="bnc" id="1212535">VUL-0: CVE-2023-3316: tiff: null pointer dereference in TIFFClose()</issue>
<issue tracker="bnc" id="1213273">VUL-1: CVE-2023-3576: tiff: memory leak in tiffcrop.c</issue>
<issue tracker="bnc" id="1213274">VUL-0: CVE-2023-3618: tiff: NULL pointer dereference in Fax3Encode() in libtiff/tif_fax3.c</issue>
<issue tracker="bnc" id="1213590">VUL-0: CVE-2023-38288: tiff: potential integer overflow in raw2tiff.c</issue>
<issue tracker="bnc" id="1212881">VUL-0: CVE-2023-26966: tiff: Buffer Overflow in uv_encode()</issue>
<issue tracker="bnc" id="1212883">VUL-0: CVE-2023-25433: tiff: Buffer Overflow via /libtiff/tools/tiffcrop.c</issue>
<packager>mvetter</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for tiff</summary>
<description>This update for tiff fixes the following issues:
- CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff
(bsc#1213589).
- CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).
- CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).
- CVE-2020-18768: Fixed an out-of-bounds read in tiffcp (bsc#1214574).
- CVE-2023-26966: Fixed an out-of-bounds read when transforming a
little-endian file to a big-endian output (bsc#1212881).
- CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3
files (bsc#1213274).
- CVE-2023-2908: Fixed an undefined behavior issue when doing pointer
arithmetic on a NULL pointer (bsc#1212888).
- CVE-2023-3316: Fixed a NULL pointer dereference while opening a file
in an inaccessible path (bsc#1212535).
- CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883).
</description>
</patchinfo>