Bug 2207635 (CVE-2023-2731)

Summary: CVE-2023-2731 libtiff: null pointer deference in LZWDecode() in libtiff/tif_lzw.c
Product: [Other] Security Response Reporter: TEJ RATHI <trathi>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bdettelb, caswilli, dkuc, drieden, fjansen, hkataria, ikanias, jary, jburrell, kaycoth, kshier, micjohns, mmuzila, nforro, rh-spice-bugs, rravi, sthirugn, tohughes
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libtiff 4.5.0 Doc Type: ---
Doc Text:
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2207637, 2207638, 2207639, 2207640, 2207643    
Bug Blocks: 2203211    

Description TEJ RATHI 2023-05-16 11:56:07 UTC 
NULL Pointer Dereference located at libtiff/tif_lzw.c, allowing local attackers to cause a denial of service. 

References:
https://gitlab.com/libtiff/libtiff/-/issues/548
https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
Comment 1 TEJ RATHI 2023-05-16 12:10:49 UTC 
Created iv tracking bugs for this issue:

Affects: fedora-all [bug 2207638]


Created libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2207637]


Created mingw-libtiff tracking bugs for this issue:

Affects: fedora-all [bug 2207639]


Created tkimg tracking bugs for this issue:

Affects: fedora-all [bug 2207640]
Comment 6 errata-xmlrpc 2023-11-07 08:19:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6575 https://access.redhat.com/errata/RHSA-2023:6575