Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/63671?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "type": "conan", "namespace": "", "name": "libtiff", "version": "4.5.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.5.1", "latest_non_vulnerable_version": "4.5.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45464?format=api", "vulnerability_id": "VCID-8pzd-tzc6-w7a8", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/518" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25435", "reference_id": "CVE-2023-25435", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25435" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64564?format=api", "purl": "pkg:conan/libtiff@4.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.1" } ], "aliases": [ "CVE-2023-25435" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8pzd-tzc6-w7a8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45521?format=api", "vulnerability_id": "VCID-arvt-qqf4-wbg2", "summary": "NULL Pointer Dereference\nA null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218830" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/479" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2908", "reference_id": "CVE-2023-2908", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2023-2908" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2908", "reference_id": "CVE-2023-2908", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2908" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64564?format=api", "purl": "pkg:conan/libtiff@4.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.1" } ], "aliases": [ "CVE-2023-2908" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arvt-qqf4-wbg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44893?format=api", "vulnerability_id": "VCID-d52s-g5c7-qka3", "summary": "Out-of-bounds Read\nA flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/536" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/536,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/536," }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/537" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1916", "reference_id": "CVE-2023-1916", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64564?format=api", "purl": "pkg:conan/libtiff@4.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.1" } ], "aliases": [ "CVE-2023-1916" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d52s-g5c7-qka3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45398?format=api", "vulnerability_id": "VCID-dgyb-2jpx-7ber", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/519" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25434", "reference_id": "CVE-2023-25434", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25434" } ], "fixed_packages": [], "aliases": [ "CVE-2023-25434" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dgyb-2jpx-7ber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3156?format=api", "vulnerability_id": "VCID-g46h-2sqe-xkbk", "summary": "", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/488", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/488" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2023/dsa-5333" }, { "reference_url": "https://security.archlinux.org/AVG-2842", "reference_id": "AVG-2842", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2842" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48281", "reference_id": "CVE-2022-48281", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48281" } ], "fixed_packages": [], "aliases": [ "CVE-2022-48281" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g46h-2sqe-xkbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45374?format=api", "vulnerability_id": "VCID-q39u-5dd6-qyd2", "summary": "Out-of-bounds Write\nloadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/472" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26965", "reference_id": "CVE-2023-26965", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26965" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64564?format=api", "purl": "pkg:conan/libtiff@4.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.1" } ], "aliases": [ "CVE-2023-26965" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q39u-5dd6-qyd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45518?format=api", "vulnerability_id": "VCID-trbp-mf1m-6kbm", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/520" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/467" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25433", "reference_id": "CVE-2023-25433", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25433" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64564?format=api", "purl": "pkg:conan/libtiff@4.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.1" } ], "aliases": [ "CVE-2023-25433" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-trbp-mf1m-6kbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45513?format=api", "vulnerability_id": "VCID-y3yu-p8ng-buhc", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/530" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/473" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26966", "reference_id": "CVE-2023-26966", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64564?format=api", "purl": "pkg:conan/libtiff@4.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.1" } ], "aliases": [ "CVE-2023-26966" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3yu-p8ng-buhc" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44446?format=api", "vulnerability_id": "VCID-2chc-4dg7-eyah", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/498" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0801", "reference_id": "CVE-2023-0801", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0801" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json", "reference_id": "CVE-2023-0801.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0801" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2chc-4dg7-eyah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44431?format=api", "vulnerability_id": "VCID-2q3f-jw6b-w7dp", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/495", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/495" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0797", "reference_id": "CVE-2023-0797", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0797" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json", "reference_id": "CVE-2023-0797.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0797" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2q3f-jw6b-w7dp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44445?format=api", "vulnerability_id": "VCID-6daw-xvw5-tyfw", "summary": "Use After Free\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/494" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0799", "reference_id": "CVE-2023-0799", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0799" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json", "reference_id": "CVE-2023-0799.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0799" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6daw-xvw5-tyfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44437?format=api", "vulnerability_id": "VCID-bhkq-eqaw-1fba", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/496" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0800", "reference_id": "CVE-2023-0800", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0800" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json", "reference_id": "CVE-2023-0800.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0800" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhkq-eqaw-1fba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44430?format=api", "vulnerability_id": "VCID-ccsd-p6nq-93ae", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/500" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0802", "reference_id": "CVE-2023-0802", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0802" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json", "reference_id": "CVE-2023-0802.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0802" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ccsd-p6nq-93ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45231?format=api", "vulnerability_id": "VCID-f1xy-5b5z-2ke7", "summary": "NULL Pointer Dereference\nA NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207635" }, { "reference_url": "https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/548" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2731", "reference_id": "CVE-2023-2731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2023-2731" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2731", "reference_id": "CVE-2023-2731", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2731" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-2731" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1xy-5b5z-2ke7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44435?format=api", "vulnerability_id": "VCID-n6xy-jdpr-tfbq", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/493", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/493" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0795", "reference_id": "CVE-2023-0795", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0795" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json", "reference_id": "CVE-2023-0795.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0795" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n6xy-jdpr-tfbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44439?format=api", "vulnerability_id": "VCID-pnp2-whuf-w3d7", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/497" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0804", "reference_id": "CVE-2023-0804", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0804" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json", "reference_id": "CVE-2023-0804.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0804" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnp2-whuf-w3d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44440?format=api", "vulnerability_id": "VCID-rben-hn5u-kqdh", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/492" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0798", "reference_id": "CVE-2023-0798", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0798" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json", "reference_id": "CVE-2023-0798.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0798" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rben-hn5u-kqdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44443?format=api", "vulnerability_id": "VCID-tynz-dfpk-6kgb", "summary": "Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/501" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0803", "reference_id": "CVE-2023-0803", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0803" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json", "reference_id": "CVE-2023-0803.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0803" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tynz-dfpk-6kgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45239?format=api", "vulnerability_id": "VCID-xms6-c2j7-hfh8", "summary": "Out-of-bounds Write\nA vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187141" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/464" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-30775", "reference_id": "CVE-2023-30775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2023-30775" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30775", "reference_id": "CVE-2023-30775", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30775" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-30775" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xms6-c2j7-hfh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44434?format=api", "vulnerability_id": "VCID-yfgk-2pdu-w3gc", "summary": "Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.", "references": [ { "reference_url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "reference_url": "https://gitlab.com/libtiff/libtiff/-/issues/499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/libtiff/libtiff/-/issues/499" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0796", "reference_id": "CVE-2023-0796", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0796" }, { "reference_url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json", "reference_id": "CVE-2023-0796.JSON", "reference_type": "", "scores": [], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63671?format=api", "purl": "pkg:conan/libtiff@4.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8pzd-tzc6-w7a8" }, { "vulnerability": "VCID-arvt-qqf4-wbg2" }, { "vulnerability": "VCID-d52s-g5c7-qka3" }, { "vulnerability": "VCID-dgyb-2jpx-7ber" }, { "vulnerability": "VCID-g46h-2sqe-xkbk" }, { "vulnerability": "VCID-q39u-5dd6-qyd2" }, { "vulnerability": "VCID-trbp-mf1m-6kbm" }, { "vulnerability": "VCID-y3yu-p8ng-buhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" } ], "aliases": [ "CVE-2023-0796" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yfgk-2pdu-w3gc" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/libtiff@4.5.0" }