Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 16.04 ESM: USN-5841-1 Critical: LibTIFF Denial Of Service

ubuntu
Calendar Grey February 2, 2023
Dist Ubuntu Esm H88
Security Advisory USN-5842-2 discusses vulnerabilities in LibJPEG affecting Ubuntu 18.04 and 20.04. Immediate action advised for all users.
Several security issues were fixed in LibTIFF.

Summary

Several security issues were fixed in LibTIFF.

Software Description:

- tiff: Tag Image File Format (TIFF) library

Details:

It was discovered that LibTIFF incorrectly handled certain malformed

images. If a user or automated system were tricked into opening a

specially crafted image, a remote attacker could crash the application,

leading to a denial of service, or possibly execute arbitrary code with

user privileges. This issue was only fixed in Ubuntu 14.04 ESM.

(CVE-2019-14973, CVE-2019-17546, CVE-2020-35523, CVE-2020-35524,

CVE-2022-3970)

It was discovered that LibTIFF was incorrectly acessing a data structure

when processing data with the tiffcrop tool, which could lead to a heap

buffer overflow. An attacker could possibly use this issue to cause a

denial of service or execute arbitrary code. (CVE-2022-48281)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
   libtiff-tools                   4.0.6-1ubuntu0.8+esm9
   libtiff5                        4.0.6-1ubuntu0.8+esm9

Ubuntu 14.04 ESM:
   libtiff-tools                   4.0.3-7ubuntu0.11+esm6
   libtiff5                        4.0.3-7ubuntu0.11+esm6

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5841-1

  CVE-2019-14973, CVE-2019-17546, CVE-2020-35523, CVE-2020-35524,

  CVE-2022-3970, CVE-2022-48281

Severity
critical
Lowest
Low
Medium
High
Critical

February 02, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here