libtiff: Multiple Security Vulnerabilities on current 4.4.0 #4616
CamberLoid added the security (Topic/issue involves a security issue/fixed), 0day (Topic/issue involves a 0-day security issue and must be addressed immediately) and 2023h1 labels on Jul 10, 2023
CamberLoid added a commit that referenced this issue on Jul 11, 2023
* Switch to cmakeninja, which is faster than GNU autotools; * Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Jul 11, 2023
* Switch to cmakeninja, which is faster than GNU autotools; * Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Jul 11, 2023
* Switch to cmakeninja, which is faster than GNU autotools; * Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Jul 26, 2023
* Switch to cmakeninja, which is faster than GNU autotools; * Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Aug 11, 2023
* Switch to cmakeninja, which is faster than GNU autotools; * Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Aug 15, 2023
* Switch to cmakeninja, which is faster than GNU autotools; * Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Sep 17, 2023
* Switch to cmakeninja, which is faster than GNU autotools; * Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
jiegec pushed a commit that referenced this issue on Feb 27, 2024
* Switch to cmakeninja, which is faster than GNU autotools; * Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
jiegec pushed a commit that referenced this issue on Apr 4, 2024
* Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
jiegec pushed a commit that referenced this issue on Apr 5, 2024
* Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
jiegec pushed a commit that referenced this issue on Apr 13, 2024
* Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
jiegec pushed a commit that referenced this issue on Apr 25, 2024
* Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
jiegec pushed a commit that referenced this issue on May 7, 2024
* Drop upstream-merged patches; * sover bumped and breaks API. Massive rebuilds required. Signed-off-by: Camber Huang <camber@poi.science>
CVE IDs
CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-48281, CVE-2023-30775, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-30774, CVE-2023-30775
Other security advisory IDs
Debian:
Description
tiffcrop
tiffcrop
tiffcrop
. Low S.tiffcrop
TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. Known to public exploited.
Affected packages:
libtiff: 4.4.0 + patchsetlibtiff+32
Severity
High, potential 0-day (CVE-2022-3970)
Patches
Update to 4.5.1
PoC(s)
See original bug reports.