Debian: DLA-3278-1 Critical: TIFF Denial Of Service Risks
debian lts
January 20, 2023
Multiple vulnerabilities were found in tiff, a library and tools providing support for the Tag Image File Format (TIFF), leading to denial of service (DoS) and possibly local code ...
Topics Covered
Summary
CVE-2022-1354
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in
TIFFReadRawDataStriped() function. This flaw allows an attacker to
pass a crafted TIFF file to the tiffinfo tool, triggering a heap
buffer overflow issue and causing a crash that leads to a denial
of service.
CVE-2022-1355
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in
main() function. This flaw allows an attacker to pass a crafted
TIFF file to the tiffcp tool, triggering a stack buffer overflow
issue, possibly corrupting the memory, and causing a crash that
leads to a denial of service.
CVE-2022-2056, CVE-2022-2057, CVE-2022-2058
Divide By Zero error in tiffcrop allows attackers to cause a
denial-of-service via a crafted tiff file.
CVE-2022-2867, CVE-2022-2868, CVE-2022-2869
libtiff's tiffcrop utility has underflow and input validation flaw
that can lead to out of bounds read and write. An attacker who
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Package: tiff
Version: 4.1.0+git191117-2~deb10u5
CVE ID: CVE-2022-1354 CVE-2022-1355 CVE-2022-2056 CVE-2022-2057
Debian Bug: 1011160 1014494 1022555 1024737
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!