Alerts This Week
Warning Icon 1 770
Alerts This Week
Warning Icon 1 770

SUSE: 2022:14888-2 Critical: PNG Heap Corruption and Memory Leak

suse
Calendar Grey February 18, 2022
Dist Suse Esm H88
SUSE Security Advisory: Critical patch for jpeg addressing various vulnerabilities. Mitigate risks promptly.
An update that fixes 6 vulnerabilities is now available

Summary

This update for tiff fixes the following issues: - CVE-2015-8683: Fixed out-of-bounds when reading CIE Lab image format files (bsc#1156754). - CVE-2015-8665: Fixed out-of-bounds read in tif_getimage.c (bsc#1156749). - CVE-2020-35521: Fixed memory allocation failure in tif_read.c (bsc#1182808). - CVE-2020-35522: Fixed memory allocation failure in tif_pixarlog.c (bsc#1182809). - CVE-2020-35523: Fixed integer overflow in tif_getimage.c (bsc#1182811). - CVE-2020-35524: Fixed heap-based buffer overflow in TIFF2PDF tool (bsc#1182812). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS:

Topics%20covered

Topics Covered

security advisory update buffer overflow important SUSE memory allocation tiff

References

#1156749 #1156754 #1182808 #1182809 #1182811

#1182812

Cross- CVE-2015-8665 CVE-2015-8683 CVE-2020-35521

CVE-2020-35522 CVE-2020-35523 CVE-2020-35524

CVSS scores:

CVE-2015-8665 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2015-8683 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2020-35521 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2020-35521 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

CVE-2020-35522 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2020-35522 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

CVE-2020-35523 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2020-35523 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:14888-1
Rating: important

Topics%20covered

Topics Covered

security advisory update buffer overflow important SUSE memory allocation tiff

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here