RHSA-2023:0302: Red Hat Security Advisory: libtiff security update
An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2056: LibTiff: DoS from Divide By Zero Error
- CVE-2022-2057: LibTiff: DoS from Divide By Zero Error
- CVE-2022-2058: LibTiff: DoS from Divide By Zero Error
- CVE-2022-2519: libtiff: Double free or corruption in rotateImage() function at tiffcrop.c
- CVE-2022-2520: libtiff: Assertion fail in rotateImage() function at tiffcrop.c
- CVE-2022-2521: libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c
- CVE-2022-2953: libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c
Issued: 2023-01-23
Updated: 2023-01-23
RHSA-2023:0302 - Security Advisory
Synopsis
Moderate: libtiff security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libtiff is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
- LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
- libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)
- libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)
- libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)
- libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running applications linked against libtiff must be restarted for this update to take effect.
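One way to find which running processes still need that restart, as an added example that is not part of the Red Hat advisory: once the update replaces the library on disk, a process that loaded the old copy shows its libtiff mapping as "(deleted)" in /proc/<pid>/maps. The function names, the sample process names and the sample library path are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory: list processes that still map a
# libtiff shared object that has been replaced on disk. Linux marks such
# mappings "(deleted)" in /proc/<pid>/maps until the process is restarted.

# stale_libtiff_in_maps FILE
# Prints each distinct libtiff path marked "(deleted)" in a maps-format file.
# Exit status 0 if at least one was found, non-zero otherwise.
stale_libtiff_in_maps() {
    awk '
        # maps line: address perms offset dev inode pathname [(deleted)]
        $NF == "(deleted)" && $(NF-1) ~ /\/libtiff\.so[.0-9]*$/ {
            if (!seen[$(NF-1)]++) print $(NF-1)
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1" 2>/dev/null
}

# scan_stale_libtiff [PROC_ROOT]
# Walks PROC_ROOT (default /proc) and prints "pid<TAB>comm<TAB>path" for
# every process that still maps a replaced libtiff.
scan_stale_libtiff() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        dir=${maps%/maps}
        # Unreadable or exited processes make awk fail; skip them.
        paths=$(stale_libtiff_in_maps "$maps") || continue
        comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
        for p in $paths; do
            printf '%s\t%s\t%s\n' "${dir##*/}" "$comm" "$p"
        done
    done
    return 0
}

# make_constructed_proc DIR
# Builds a constructed /proc-like tree for offline testing: pid 101 still
# maps the replaced library, pid 202 was started after the update.
make_constructed_proc() {
    mkdir -p "$1/101" "$1/202"
    echo tiffviewer > "$1/101/comm"
    echo thumbnailer > "$1/202/comm"
    cat > "$1/101/maps" <<'EOF'
7f3a10000000-7f3a10070000 r-xp 00000000 fd:00 1311 /usr/lib64/libtiff.so.5.8.0 (deleted)
7f3a10070000-7f3a10078000 rw-p 00070000 fd:00 1311 /usr/lib64/libtiff.so.5.8.0 (deleted)
7f3a10200000-7f3a103c0000 r-xp 00000000 fd:00 2001 /usr/lib64/libc.so.6
EOF
    cat > "$1/202/maps" <<'EOF'
7f5b20000000-7f5b20070000 r-xp 00000000 fd:00 1477 /usr/lib64/libtiff.so.5.8.0
7f5b20200000-7f5b203c0000 r-xp 00000000 fd:00 2001 /usr/lib64/libc.so.6
EOF
}

# Stand-alone use: scan the live system (run as root to see every process),
# or pass a directory built by make_constructed_proc.
scan_stale_libtiff "${1:-/proc}"
```

An empty result after the update means no readable process is still holding the old library; run it as root so that other users' processes are included.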
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2103222 - LibTiff: DoS from Divide By Zero Error
- BZ - 2122789 - CVE-2022-2519 libtiff: Double free or corruption in rotateImage() function at tiffcrop.c
- BZ - 2122792 - CVE-2022-2520 libtiff: Assertion fail in rotateImage() function at tiffcrop.c
- BZ - 2122799 - CVE-2022-2521 libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c
- BZ - 2134432 - CVE-2022-2953 libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c
CVEs
- CVE-2022-2056
- CVE-2022-2057
- CVE-2022-2058
- CVE-2022-2519
- CVE-2022-2520
- CVE-2022-2521
- CVE-2022-2953
Red Hat Enterprise Linux for x86_64 9
SRPM
libtiff-4.4.0-5.el9_1.src.rpm
x86_64
libtiff-4.4.0-5.el9_1.i686.rpm
libtiff-4.4.0-5.el9_1.x86_64.rpm
libtiff-debuginfo-4.4.0-5.el9_1.i686.rpm
libtiff-debuginfo-4.4.0-5.el9_1.x86_64.rpm
libtiff-debugsource-4.4.0-5.el9_1.i686.rpm
libtiff-debugsource-4.4.0-5.el9_1.x86_64.rpm
libtiff-devel-4.4.0-5.el9_1.i686.rpm
libtiff-devel-4.4.0-5.el9_1.x86_64.rpm
libtiff-tools-debuginfo-4.4.0-5.el9_1.i686.rpm
libtiff-tools-debuginfo-4.4.0-5.el9_1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
libtiff-4.4.0-5.el9_1.src.rpm
s390x
libtiff-4.4.0-5.el9_1.s390x.rpm
libtiff-debuginfo-4.4.0-5.el9_1.s390x.rpm
libtiff-debugsource-4.4.0-5.el9_1.s390x.rpm
libtiff-devel-4.4.0-5.el9_1.s390x.rpm
libtiff-tools-debuginfo-4.4.0-5.el9_1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
libtiff-4.4.0-5.el9_1.src.rpm
ppc64le
libtiff-4.4.0-5.el9_1.ppc64le.rpm
libtiff-debuginfo-4.4.0-5.el9_1.ppc64le.rpm
libtiff-debugsource-4.4.0-5.el9_1.ppc64le.rpm
libtiff-devel-4.4.0-5.el9_1.ppc64le.rpm
libtiff-tools-debuginfo-4.4.0-5.el9_1.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
libtiff-4.4.0-5.el9_1.src.rpm
aarch64
libtiff-4.4.0-5.el9_1.aarch64.rpm
libtiff-debuginfo-4.4.0-5.el9_1.aarch64.rpm
libtiff-debugsource-4.4.0-5.el9_1.aarch64.rpm
libtiff-devel-4.4.0-5.el9_1.aarch64.rpm
libtiff-tools-debuginfo-4.4.0-5.el9_1.aarch64.rpm
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
libtiff-debuginfo-4.4.0-5.el9_1.x86_64.rpm
libtiff-debugsource-4.4.0-5.el9_1.x86_64.rpm
libtiff-tools-4.4.0-5.el9_1.x86_64.rpm
libtiff-tools-debuginfo-4.4.0-5.el9_1.x86_64.rpm
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
libtiff-debuginfo-4.4.0-5.el9_1.ppc64le.rpm
libtiff-debugsource-4.4.0-5.el9_1.ppc64le.rpm
libtiff-tools-4.4.0-5.el9_1.ppc64le.rpm
libtiff-tools-debuginfo-4.4.0-5.el9_1.ppc64le.rpm
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
libtiff-debuginfo-4.4.0-5.el9_1.aarch64.rpm
libtiff-debugsource-4.4.0-5.el9_1.aarch64.rpm
libtiff-tools-4.4.0-5.el9_1.aarch64.rpm
libtiff-tools-debuginfo-4.4.0-5.el9_1.aarch64.rpm
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
libtiff-debuginfo-4.4.0-5.el9_1.s390x.rpm
libtiff-debugsource-4.4.0-5.el9_1.s390x.rpm
libtiff-tools-4.4.0-5.el9_1.s390x.rpm
libtiff-tools-debuginfo-4.4.0-5.el9_1.s390x.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
Red Hat Security Advisory 2023-0095-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, denial of service, double free, and out of bounds read vulnerabilities.
An update for libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2056: LibTiff: DoS from Divide By Zero Error * CVE-2022-2057: LibTiff: DoS from Divide By Zero Error * CVE-2022-2058: LibTiff: DoS from Divide By Zero Error * CVE-2022-2519: libtiff: Double free or corruption in rotateImage() function at tiffcrop.c * CVE-2022-2520: libtiff: Assertion fail in rotateImage() function at tiffcrop.c * CVE-2022-2521: libtiff:...
Ubuntu Security Notice 5619-1 - It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bound-checking operations. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that LibTIFF was not properly terminating a function execution when processing incorrect data. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1.
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.