2224971 – (CVE-2023-38288) CVE-2023-38288 libtiff: potential integer overflow in raw2tiff.c

Bug 2224971 (CVE-2023-38288) - CVE-2023-38288 libtiff: potential integer overflow in raw2tiff.c

Summary: CVE-2023-38288 libtiff: potential integer overflow in raw2tiff.c

Keywords:
Status:	NEW
Alias:	CVE-2023-38288
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2226741 2226742 2226744 2226743
Blocks:	2222912
TreeView+	depends on / blocked

Reported:	2023-07-24 07:02 UTC by Dhananjay Arunesh
Modified:	2023-08-17 19:45 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2023-07-24 07:02:21 UTC

Multiple potential integer overflow in raw2tiff.c in libtiff <= 4.5.1 can allow remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image which triggers a heap-based buffer overflow.

Comment 3 Salvatore Bonaccorso 2023-07-30 22:01:09 UTC

This CVE is referenced at https://gitlab.com/libtiff/libtiff/-/issues/591 (but it looks the content of this RHBZ is swapped with CVE-2023-38289).

Comment 4 Dhananjay Arunesh 2023-08-02 09:28:43 UTC

In reply to comment #3:
> This CVE is referenced at https://gitlab.com/libtiff/libtiff/-/issues/591
> (but it looks the content of this RHBZ is swapped with CVE-2023-38289).

Hi, These CVEs are assigned by us (Red Hat CNA), CVEs attached to the bugs are from the final vulnerabilities report sent by the reporter. I am discussing about this issue with the reporter to rectify from his end.

Comment 5 Salvatore Bonaccorso 2023-08-13 11:44:48 UTC

Hi,

(In reply to Dhananjay Arunesh from comment #4)
> In reply to comment #3:
> > This CVE is referenced at https://gitlab.com/libtiff/libtiff/-/issues/591
> > (but it looks the content of this RHBZ is swapped with CVE-2023-38289).
> 
> Hi, These CVEs are assigned by us (Red Hat CNA), CVEs attached to the bugs
> are from the final vulnerabilities report sent by the reporter. I am
> discussing about this issue with the reporter to rectify from his end.

As this currently causes confusion, as depending where you look you have 
different CVEs swappend, did the reporter agreed on fixing this annotation
on his end?

Would it be easier to swap the CVEs at RedHat CNA, as there were no RedHat
updates yet fixing those issues?

Thanks already in advance for looking into it,

Regards,
Salvatore

Comment 6 Dhananjay Arunesh 2023-08-16 06:18:27 UTC

In reply to comment #5:
> Hi,
> 
> (In reply to Dhananjay Arunesh from comment #4)
> > In reply to comment #3:
> > > This CVE is referenced at https://gitlab.com/libtiff/libtiff/-/issues/591
> > > (but it looks the content of this RHBZ is swapped with CVE-2023-38289).
> > 
> > Hi, These CVEs are assigned by us (Red Hat CNA), CVEs attached to the bugs
> > are from the final vulnerabilities report sent by the reporter. I am
> > discussing about this issue with the reporter to rectify from his end.
We don't have any response from the reporter.
> As this currently causes confusion, as depending where you look you have 
> different CVEs swappend, did the reporter agreed on fixing this annotation
> on his end?
> 
> Would it be easier to swap the CVEs at RedHat CNA, as there were no RedHat
> updates yet fixing those issues?
> 
The CVEs are assigned by Red Hat and I can check the CVEs are public at many places so instead of swapping the CVEs best option is to reject the CVEs and re-assign the flaws with new CVEs.
> Thanks already in advance for looking into it,
> 
> Regards,
> Salvatore

Note You need to log in before you can comment on or make changes to this bug.