USN-6512-1: LibTIFF vulnerabilities

Packages

tiff - Tag Image File Format (TIFF) library

Details

It was discovered that LibTIFF could be made to run into an infinite loop.
If a user or an automated system were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause a
denial of service. (CVE-2022-40090)

It was discovered that LibTIFF could be made leak memory. If a user or an
automated system were tricked into opening a specially crafted image file,
an attacker could possibly use this issue to cause a denial of service.
(CVE-2023-3576)

It was discovered that LibTIFF could be made to run into an infinite loop.
If a user or an automated system were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause a
denial of service. (CVE-2022-40090)

It was discovered that LibTIFF could be made leak memory. If a user or an
automated system were tricked into opening a specially crafted image file,
an attacker could possibly use this issue to cause a denial of service.
(CVE-2023-3576)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
22.04 jammy	libtiff-tools – 4.3.0-6ubuntu0.7
22.04 jammy	libtiff5 – 4.3.0-6ubuntu0.7
20.04 focal	libtiff-tools – 4.1.0+git191117-2ubuntu0.20.04.11
20.04 focal	libtiff5 – 4.1.0+git191117-2ubuntu0.20.04.11
18.04 bionic	libtiff-tools – 4.0.9-5ubuntu0.10+esm4
18.04 bionic	libtiff5 – 4.0.9-5ubuntu0.10+esm4
16.04 xenial	libtiff-tools – 4.0.6-1ubuntu0.8+esm14
16.04 xenial	libtiff5 – 4.0.6-1ubuntu0.8+esm14
14.04 trusty	libtiff-tools – 4.0.3-7ubuntu0.11+esm11
14.04 trusty	libtiff5 – 4.0.3-7ubuntu0.11+esm11

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

Packages

Details

Update instructions

Reduce your security exposure

References