Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2022:4248-1 Critical Alert: TIFF Out-Of-Bounds Vulnerabilities

suse
Calendar Grey November 28, 2022
Dist Suse Esm H88
A critical patch for tiff addresses 5 vulnerabilities in SUSE Linux, improving overall system security.
An update that fixes 5 vulnerabilities is now available

Summary

This update for tiff fixes the following issues: - CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641). - CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643). - CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644) - CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645). - CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9:

Topics%20covered

Topics Covered

security advisory update critical SUSE out-of-bounds tiff

References

#1204641 #1204643 #1204644 #1204645 #1205392

Cross- CVE-2022-3597 CVE-2022-3599 CVE-2022-3626

CVE-2022-3627 CVE-2022-3970

CVSS scores:

CVE-2022-3597 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-3597 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-3599 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-3599 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-3626 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-3626 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-3627 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2022-3627 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:4248-1
Rating: important

Topics%20covered

Topics Covered

security advisory update critical SUSE out-of-bounds tiff

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here