Mageia 2022-0424: libtiff security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
MGASA-2022-0424 - Updated libtiff packages fix security vulnerability

Publication date: 13 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0424.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-3599,
     CVE-2022-3626,
     CVE-2022-3627

LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in
tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via
a crafted tiff file. (CVE-2022-3599)

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in
libtiff/tif_unix.c:340 when called from processCropSelections,
tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via
a crafted tiff file. (CVE-2022-3626)

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in
libtiff/tif_unix.c:346 when called from extractImageSection,
tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via
a crafted tiff file. (CVE-2022-3627)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31091
- https://ubuntu.com/security/notices/USN-5714-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

SRPMS:
- 8/core/libtiff-4.2.0-1.10.mga8

Mageia 2022-0424: libtiff security update

LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file

Summary

LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-3599)
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-3626)
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. (CVE-2022-3627)

References

- https://bugs.mageia.org/show_bug.cgi?id=31091

- https://ubuntu.com/security/notices/USN-5714-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627

Resolution

MGASA-2022-0424 - Updated libtiff packages fix security vulnerability

SRPMS

- 8/core/libtiff-4.2.0-1.10.mga8

Severity
Publication date: 13 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0424.html
Type: security
CVE: CVE-2022-3599, CVE-2022-3626, CVE-2022-3627

News

Advisories

HOWTOs

Features

How to Check if Your Linux System is Infected with a Virus
Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Admins Receive Automated Linux Patch Management & Improved Security with ManageEngine Endpoint Central
Linux Malware: The Truth About This Growing Threat [Updated]
How Physical Security Blends With Cybersecurity

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy