CVE-2022-1622: tif_lzw.c: fix potential out-of-bounds error when trying to read in the same... (b4e79bfa) · Commits · libtiff / libtiff · GitLab

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.


Verified Commit b4e79bfa authored Apr 22, 2022 by


tif_lzw.c: fix potential out-of-bounds error when trying to read in the same tile/strip after an error has occurred (fixes #410)

Pipeline #522686789 passed with stages in 9 minutes and 37 seconds

@@ -140,6 +140,7 @@ typedef struct {

code_t* dec_free_entp; /* next free entry */

code_t* dec_maxcodep; /* max available entry */

code_t* dec_codetab; /* kept separate for small machines */

int read_error; /* whether a read error has occured, and which should cause further reads in the same strip/tile to be aborted */

/* Encoding specific data */

int enc_oldcode; /* last code encountered */
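
Review bot: The comment on the new read_error field does not say where the flag is set or cleared, and it runs far past the width of the one-line comments on the neighbouring fields. Wrap it and state the lifetime (cleared per strip/tile, set on a decode error), note that the field only ever holds 0 or 1 in this patch, and correct "occured" to "occurred".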

@@ -307,6 +308,7 @@ LZWPreDecode(TIFF* tif, uint16_t s)

*/

sp->dec_oldcodep = &sp->dec_codetab[0];

sp->dec_maxcodep = &sp->dec_codetab[sp->dec_nbitsmask-1];

sp->read_error = 0;

return (1);

}
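
Review bot: `sp->read_error = 0;` in LZWPreDecode is the only place in this patch that gives the flag a defined value, so the new check in LZWDecode reads it uninitialized unless the state is zeroed at allocation or LZWPreDecode always runs first. Please confirm one of these holds, or initialize read_error where the other decoder fields are first set up.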

@@ -399,7 +401,11 @@ LZWDecode(TIFF* tif, uint8_t* op0, tmsize_t occ0, uint16_t s)

(void) s;

assert(sp != NULL);

assert(sp->dec_codetab != NULL);

assert(sp->dec_codetab != NULL);

if (sp->read_error) {

return 0;

}

/*

* Restart interrupted output operation.
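
Review bot: The new early exit `if (sp->read_error) { return 0; }` at the top of LZWDecode fails silently: the caller gets 0 with no TIFFErrorExt message, while the error_code path that sets the flag does report the failure. Either log here or add a comment saying the error was already reported when the flag was set. The `assert(sp->dec_codetab != NULL);` line also appears twice in this hunk, which looks like a whitespace-only re-indent and is better left out of a security fix.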

@@ -704,6 +710,7 @@ no_eoi:

tif->tif_curstrip);

return 0;

error_code:

sp->read_error = 1;

TIFFErrorExt(tif->tif_clientdata, tif->tif_name, “Using code not yet in table”);

return 0;

}
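
Review bot: read_error is set only under the error_code label; the path just above it, ending in `tif->tif_curstrip); return 0;`, returns failure without setting the flag, so a later LZWDecode call on the same strip/tile after that failure is not stopped by the new check. If the decoder state is equally unreliable after that error, add `sp->read_error = 1;` there as well, or document why it is not needed.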

  • mentioned in issue #410 (closed)

Related news

Debian Security Advisory 5333-1

Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32835: About the security content of watchOS 9

This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier.

CVE-2022-32859: About the security content of iOS 16

A logic issue was addressed with improved state management. This issue is fixed in iOS 16. Deleted contacts may still appear in spotlight search results.

CVE-2022-32903: About the security content of tvOS 16

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.

Apple Security Advisory 2022-10-27-13

Apple Security Advisory 2022-10-27-13 - watchOS 9 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.

Apple Security Advisory 2022-10-27-11

Apple Security Advisory 2022-10-27-11 - tvOS 16 addresses buffer overflow, code execution, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities.
