Source: tiff
Version: 4.5.1+git230720-3
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/libtiff/libtiff/-/issues/622
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for tiff.

CVE-2023-52356[0]:
| A segment fault (SEGV) flaw was found in libtiff that could be
| triggered by passing a crafted tiff file to the
| TIFFReadRGBATileExt() API. This flaw allows a remote attacker to
| cause a heap-buffer overflow, leading to a denial of service.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-52356
    https://www.cve.org/CVERecord?id=CVE-2023-52356
[1] https://gitlab.com/libtiff/libtiff/-/issues/622
[2] https://gitlab.com/libtiff/libtiff/-/merge_requests/546
    https://gitlab.com/libtiff/libtiff/-/commit/51558511bdbbcffdce534db21dbaf5d54b31638a

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore