Advisories » MGASA-2024-0055

Updated libtiff packages fix security vulnerability

Publication date: 12 Mar 2024
Modification date: 19 Mar 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-52356

Description

A segment fault (SEGV) flaw was found in libtiff that could be triggered
by passing a crafted tiff file to the TIFFReadRGBATileExt() API.
This flaw allows a remote attacker to cause a heap-buffer overflow,
leading to a denial of service. (CVE-2023-52356)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32959
• https://lwn.net/Articles/965011/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356

SRPMS

9/core

• libtiff-4.5.1-1.1.mga9