Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2022:1882-1 Critical TIFF Denial Of Service Vulnerability Patch

suse
Calendar Grey May 30, 2022
Dist Suse Esm H88
Critical update for SUSE's TIFF addressing multiple vulnerabilities, enhancing system security and stability.
An update that fixes 8 vulnerabilities is now available

Summary

This update for tiff fixes the following issues: - CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964). - CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965). - CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066). - CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072). - CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073). - CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074).

Topics%20covered

Topics Covered

security advisory denial of service update vulnerability important suse tiff

References

#1195964 #1195965 #1197066 #1197068 #1197072

#1197073 #1197074 #1197631

Cross- CVE-2022-0561 CVE-2022-0562 CVE-2022-0865

CVE-2022-0891 CVE-2022-0908 CVE-2022-0909

CVE-2022-0924 CVE-2022-1056

CVSS scores:

CVE-2022-0561 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-0561 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-0562 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-0562 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-0865 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-0865 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-0891 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:1882-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service update vulnerability important suse tiff

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here