USN-6644-2: LibTIFF vulnerabilities

Releases

• Ubuntu 22.04 LTS

Packages

• tiff - Tag Image File Format (TIFF) library

Details

USN-6644-1 fixed vulnerabilities in LibTIFF.
This update provides the corresponding updates for Ubuntu 22.04 LTS.

Original advisory details:

It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to crash, resulting
in a denial of service. (CVE-2023-52356)

It was discovered that LibTIFF incorrectly handled certain image files
with the tiffcp utility. If a user were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause
tiffcp to crash, resulting in a denial of service. (CVE-2023-6228)

It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to consume
resources, resulting in a denial of service. (CVE-2023-6277)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04

• libtiff-tools - 4.3.0-6ubuntu0.8
• libtiff5 - 4.3.0-6ubuntu0.8

In general, a standard system update will make all the necessary changes.

References

• CVE-2023-52356
• CVE-2023-6228
• CVE-2023-6277

Related notices

• USN-6644-1: tiff, libtiff-dev, libtiffxx6, libtiff4-dev, libtiff6, libtiff5-alt-dev, libtiffxx5, libtiff-doc, libtiff5-dev, libtiff-opengl, libtiff-tools, libtiff5