
1171 matches found

NVD
added 2023/02/08 8:15 p.m. | 16 views

CVE-2023-0217

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...

CVSS 7.5 | AI score 7.2 | EPSS 0.01862
Exploits: 0 | References: 4
NVD
added 2023/02/08 8:15 p.m. | 12 views

CVE-2023-0216

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7, d2i_PKCS7_bio or d2i_PKCS7_fp functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in...

CVSS 7.5 | AI score 7.4 | EPSS 0.01862
Exploits: 0 | References: 4
Prion
added 2023/02/08 8:15 p.m. | 32 views

Null pointer dereference

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7, d2i_PKCS7_bio or d2i_PKCS7_fp functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in...

CVSS 5 | AI score 7.3 | EPSS 0.01862
Exploits: 0 | References: 3 | Affected Software: 2
AlpineLinux
added 2023/02/08 7:2 p.m. | 51 views

CVE-2023-0217

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...

CVSS 7.5 | AI score 7.6 | EPSS 0.01862
Exploits: 0
CVE
added 2023/02/08 7:2 p.m. | 683 views

CVE-2023-0217

CVE-2023-0217 is an OpenSSL vulnerability: an invalid pointer dereference on read when validating a malformed DSA public key via EVP_PKEY_public_check(), likely crashing the application and enabling denial of service. Affected context in connected documents confirms OpenSSL-related advisories and...

CVSS 7.5 | AI score 7.5 | EPSS 0.01862
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2023/02/07 5:30 p.m. | 34 views

CVE-2023-0217

A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check function, most likely leading to an application crash. This function can be called on public keys supplied from untrusted...

CVSS 7.5 | AI score 7.1 | EPSS 0.01862
Exploits: 0 | References: 3
RedhatCVE
added 2023/02/07 5:28 p.m. | 39 views

CVE-2023-0216

A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7, d2i_PKCS7_bio or d2i_PKCS7_fp functions. This may result in an application crash which could lead to a denial of service. The TLS implementati...

CVSS 7.5 | AI score 7.2 | EPSS 0.01862
Exploits: 0 | References: 3
OSV
added 2023/02/07 12:0 p.m. | 19 views

RUSTSEC-2023-0011 Invalid pointer dereference in `d2i_PKCS7` functions

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7, d2i_PKCS7_bio or d2i_PKCS7_fp functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in...

CVSS 7.5 | AI score 7.6 | EPSS 0.01862
Exploits: 0 | References: 3
OpenSSL
added 2023/02/07 12:0 a.m. | 50 views

Vulnerability in OpenSSL - NULL dereference validating DSA public key

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...

AI score 7.4 | EPSS 0.01862
Exploits: 0 | Affected Software: 1
UbuntuCve
added 2023/02/07 12:0 a.m. | 21 views

CVE-2023-0217

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...

CVSS 7.5 | AI score 7 | EPSS 0.01862
Exploits: 0 | References: 3
RedHat Linux
added 2023/01/23 3:29 p.m. | 4 views

libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input...

CVSS 6.5 | AI score 5.7 | EPSS 0.00949
Exploits: 1 | References: 4
Rockylinux
added 2023/01/23 2:29 p.m. | 47 views

libtiff security update

An update is available for libtiff. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libtiff packages contain a library of functions for manipulating Tagged...

CVSS 6.5 | AI score 7.1 | EPSS 0.01035
Exploits: 7
Tenable Nessus
added 2023/01/23 12:0 a.m. | 32 views

RHEL 9 : libtiff (RHSA-2023:0302)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0302 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: LibTiff: DoS from...

CVSS 6.5 | AI score 6.7 | EPSS 0.01035
Exploits: 7 | References: 15
RedHat Linux
added 2023/01/12 9:27 a.m. | 3 views

libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input...

CVSS 6.5 | AI score 5.7 | EPSS 0.00949
Exploits: 1 | References: 4
Tenable Nessus
added 2023/01/12 12:0 a.m. | 35 views

Oracle Linux 8 : libtiff (ELSA-2023-0095)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0095 advisory. - Resolves: CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2953 - Fix CVE-2022-2867 2118857 - Fix CVE-2022-2868 2118882 - Fix CVE-2022-2869 2118878...

CVSS 6.5 | AI score 6.7 | EPSS 0.01035
Exploits: 7 | References: 11
Tenable Nessus
added 2023/01/12 12:0 a.m. | 34 views

RHEL 8 : libtiff (RHSA-2023:0095)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0095 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fixes: LibTiff: DoS from...

CVSS 6.5 | AI score 6.7 | EPSS 0.01035
Exploits: 7 | References: 21
Mageia
added 2022/11/08 7:44 p.m. | 141 views

Updated libtiff packages fix security vulnerability

There is a double free or corruption in rotateImage at tiffcrop.c:8839 found in libtiff 4.4.0rc1. (CVE-2022-2519) A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage at tiffcrop.c:8621 that can cause program crash when reading a crafted input. (CVE-2022-2520) It w...

CVSS 7.7 | AI score 6.8 | EPSS 0.00949
Exploits: 5 | References: 3
Veracode
added 2022/09/01 1:11 p.m. | 22 views

Denial Of Service (DoS)

libtiff.so is vulnerable to denial of service. The vulnerability exists in the TIFFClose function in tiffcrop.c due to invalid pointer free operation which allows an attacker to crash the system via a maliciously crafted file...

CVSS 6.5 | AI score 6.4 | EPSS 0.00949
Exploits: 1 | References: 8 | Affected Software: 4
OSV
added 2022/08/31 6:15 p.m. | 2 views

UBUNTU-CVE-2022-38153

An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a...

CVSS 5.9 | AI score 5.8 | EPSS 0.01736
Exploits: 2 | References: 6
ATTACKERKB
added 2022/08/31 4:15 p.m. | 3 views

CVE-2022-2521

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input...

CVSS 6.5 | AI score 6.8 | EPSS 0.00949
Exploits: 1 | References: 8