Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

openSUSE: 2022:0480-1 Important: tiff DoS and Buffer Overflow Fix

opensuse
Calendar Grey February 17, 2022
Dist Opensuse Esm H88
An important security rollout for jpeg fixes 10 flaws in Fedora 34 and 35, including memory leaks and integer overflows.
An update that fixes 8 vulnerabilities is now available

Description

This update for tiff fixes the following issues:

- CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb (bsc#1071031).

- CVE-2019-17546: Fixed integer overflow that potentially causes a

heap-based buffer overflow via a crafted RGBA image (bsc#1154365).

- CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS via

the invertImage() function (bsc#1190312).

- CVE-2020-35521: Fixed memory allocation failure in tif_read.c

(bsc#1182808).

- CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c

(bsc#1182809).

- CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811).

- CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool

(bsc#1182812).

- CVE-2022-22844: Fixed out-of-bounds read in _TIFFmemcpy in tif_unix.c

(bsc#1194539).

Topics%20covered

Topics Covered

security advisory buffer overflow DoS important memory allocation openSUSE tiff

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

zypper in -t patch openSUSE-SLE-15.4-2022-480=1

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2022-480=1

Package List

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

libtiff-devel-4.0.9-45.5.1

libtiff5-4.0.9-45.5.1

libtiff5-debuginfo-4.0.9-45.5.1

tiff-4.0.9-45.5.1

tiff-debuginfo-4.0.9-45.5.1

tiff-debugsource-4.0.9-45.5.1

- openSUSE Leap 15.4 (x86_64):

libtiff-devel-32bit-4.0.9-45.5.1

libtiff5-32bit-4.0.9-45.5.1

libtiff5-32bit-debuginfo-4.0.9-45.5.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

libtiff-devel-4.0.9-45.5.1

libtiff5-4.0.9-45.5.1

libtiff5-debuginfo-4.0.9-45.5.1

tiff-4.0.9-45.5.1

tiff-debuginfo-4.0.9-45.5.1

tiff-debugsource-4.0.9-45.5.1

- openSUSE Leap 15.3 (x86_64):

libtiff-devel-32bit-4.0.9-45.5.1

libtiff5-32bit-4.0.9-45.5.1

libtiff5-32bit-debuginfo-4.0.9-45.5.1

References

https://www.suse.com/security/cve/CVE-2017-17095.html

https://www.suse.com/security/cve/CVE-2019-17546.html

https://www.suse.com/security/cve/CVE-2020-19131.html

https://www.suse.com/security/cve/CVE-2020-35521.html

https://www.suse.com/security/cve/CVE-2020-35522.html

https://www.suse.com/security/cve/CVE-2020-35523.html

https://www.suse.com/security/cve/CVE-2020-35524.html

https://www.suse.com/security/cve/CVE-2022-22844.html

https://bugzilla.suse.com/1071031

https://bugzilla.suse.com/1154365

https://bugzilla.suse.com/1182808

https://bugzilla.suse.com/1182809

https://bugzilla.suse.com/1182811

https://bugzilla.suse.com/1182812

https://bugzilla.suse.com/1190312

https://bugzilla.suse.com/1194539

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2022:0480-1
Rating: important
Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 .

Topics%20covered

Topics Covered

security advisory buffer overflow DoS important memory allocation openSUSE tiff

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here