libTIFF / High Severity
It was discovered that LibTIFF could be made to read out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service. (CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799)
It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop tool. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804)
squashfs-tools / TBA
- CVE: CVE-2021-40153, CVE-2021-41072
- Impact: Arbitrary file write
- Severity escalation: Used in deploykit
- Fix: use patchset
- CVE: CVE-2022-48303
- Current Version: 1.34
- Impact: DoS or information leak
- Attack requires a specific malformed tar file, and may only have local impact such as crashing. Escalated as a core component.
- Fix: Patch only. https://savannah.gnu.org/patch/?10307
- Available PoC: https://savannah.gnu.org/bugs/?62387
Vim + gVim
Tor /
- CVE: CVE-2023-32681
- Current Version: 2.26
- Impact: Leak HTTP Proxy-Authorization header
- Applicable CWEs: CWE-200
- Fix: 2.31.0+
- CVE: CVE-2023-34416
- Fix: 102.12+
- CVE: CVE-2021-32142, CVE-2023-1729
- Ref: DSA (), USN ()
- Weakness: Buffer overflow
- Impact: limited to crashing libraw
- Fix: 0.20.2+ (latest is 0.21.1)
- CVE: TOO MANY!
- Ref
- CVE: CVE-2021-3672
- CVE: CVE-2023-31484
- Desc: Does not verify TLS certificates when downloading distributions over HTTPS; may allow MITM attacks
- CVE: TOO MANY!
- Fix:
- Update to 2.x; may require further work
- Follow Debian's backport
- CVE: TOO MANY
- Fix:
- 16.latest (in 2023H1)
- 18.latest (separate)