Headline
RHSA-2023:2340: Red Hat Security Advisory: libtiff security update
An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-3570: A heap-based buffer overflow flaw was found in Libtiff’s tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.
- CVE-2022-3597: An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.
- CVE-2022-3598: An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.
- CVE-2022-3599: An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.
- CVE-2022-3626: An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.
- CVE-2022-3627: An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.
- CVE-2022-3970: An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file, and may lead to a buffer overflow.
- CVE-2022-4645: A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.
- CVE-2023-30774: A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
- CVE-2023-30775: A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-09
Updated:
2023-05-09
RHSA-2023:2340 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: libtiff security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for libtiff is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
- libtiff: heap Buffer overflows in tiffcrop.c (CVE-2022-3570)
- libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix (CVE-2022-3597)
- libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c (CVE-2022-3598)
- libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c (CVE-2022-3599)
- libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (CVE-2022-3626)
- libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (CVE-2022-3627)
- libtiff: integer overflow in function TIFFReadRGBATileExt of the file (CVE-2022-3970)
- libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645)
- libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (CVE-2023-30774)
- libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c (CVE-2023-30775)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running applications linked against libtiff must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2142734 - CVE-2022-3570 libtiff: heap Buffer overflows in tiffcrop.c
- BZ - 2142736 - CVE-2022-3597 libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix
- BZ - 2142738 - CVE-2022-3598 libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c
- BZ - 2142740 - CVE-2022-3599 libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c
- BZ - 2142741 - CVE-2022-3626 libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c
- BZ - 2142742 - CVE-2022-3627 libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c
- BZ - 2148918 - CVE-2022-3970 libtiff: integer overflow in function TIFFReadRGBATileExt of the file
- BZ - 2176220 - CVE-2022-4645 libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c
- BZ - 2187139 - CVE-2023-30774 libtiff: heap buffer overflow issues related to TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value
- BZ - 2187141 - CVE-2023-30775 libtiff: Heap buffer overflow in extractContigSamples32bits, tiffcrop.c
CVEs
- CVE-2022-3570
- CVE-2022-3597
- CVE-2022-3598
- CVE-2022-3599
- CVE-2022-3626
- CVE-2022-3627
- CVE-2022-3970
- CVE-2022-4645
- CVE-2023-30774
- CVE-2023-30775
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
libtiff-4.4.0-7.el9.src.rpm
SHA-256: 2b2dc780c581638b605bfecda0051cda15bc76b48f6908b6d25b5ecb22eb8e33
x86_64
libtiff-4.4.0-7.el9.i686.rpm
SHA-256: c598b4a0c7eebdc56db5635b078b113868a59f15fd0eaf251a63d64b0ed3dd8a
libtiff-4.4.0-7.el9.x86_64.rpm
SHA-256: 8b8dc7fa2e62394b29c6ddb0e1df7c85146300a95e6d5b7055bec3a2561d40ca
libtiff-debuginfo-4.4.0-7.el9.i686.rpm
SHA-256: f59cdabc41a22bc51922df7208606a92dab9818f0a6f6deaf78deb6110535dab
libtiff-debuginfo-4.4.0-7.el9.x86_64.rpm
SHA-256: 51438a843286ee67a5e672c026a2588e8aa7c5dbff1bf60300cdb07423377e36
libtiff-debugsource-4.4.0-7.el9.i686.rpm
SHA-256: 86584ba5950bf16d9fde6221994e654a435a2d8fbcfaf49bc5504ac552b54406
libtiff-debugsource-4.4.0-7.el9.x86_64.rpm
SHA-256: d37daa4feba769ff2787293b79e7dee49933c0c1dc73ed6e89dc78a33c482d4e
libtiff-devel-4.4.0-7.el9.i686.rpm
SHA-256: 0912214580a9c34c71330f63c23eafb6999560d472eba5455b86b6214ed81351
libtiff-devel-4.4.0-7.el9.x86_64.rpm
SHA-256: 6992ef417a957c008fc5469a5dd4c04a0865d0e9861211d9496a09b817355040
libtiff-tools-debuginfo-4.4.0-7.el9.i686.rpm
SHA-256: 42bdb828be8a4c8abe33ae28d46cd3704a9475fc8070c1a9ce15cff8b4acb3fa
libtiff-tools-debuginfo-4.4.0-7.el9.x86_64.rpm
SHA-256: 1aaeb08ff6223ea157e95c697fa2812903856a1cdba87ef8f48eafc885e5fcde
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
libtiff-4.4.0-7.el9.src.rpm
SHA-256: 2b2dc780c581638b605bfecda0051cda15bc76b48f6908b6d25b5ecb22eb8e33
s390x
libtiff-4.4.0-7.el9.s390x.rpm
SHA-256: 0bea4d43bdc572a3ddeb12e8cc91c37127406c21112e2f7fe58513790cc449fe
libtiff-debuginfo-4.4.0-7.el9.s390x.rpm
SHA-256: a7c1eda009fac2aa12456f0e59f16c704b69e95236aa19541125f1a2cc922c19
libtiff-debugsource-4.4.0-7.el9.s390x.rpm
SHA-256: 30cd37f244c8fad1f7750b585a75fa6151c906b53676d8de03fb87f38fd467d0
libtiff-devel-4.4.0-7.el9.s390x.rpm
SHA-256: d9f2fb074df64f70e53053343fdbbf566da1409fcf59598b878c700e62928e67
libtiff-tools-debuginfo-4.4.0-7.el9.s390x.rpm
SHA-256: ff2105f93b897b88300c108e3aae7424ec0f5b8618f9221de50c58328b367711
Red Hat Enterprise Linux for Power, little endian 9
SRPM
libtiff-4.4.0-7.el9.src.rpm
SHA-256: 2b2dc780c581638b605bfecda0051cda15bc76b48f6908b6d25b5ecb22eb8e33
ppc64le
libtiff-4.4.0-7.el9.ppc64le.rpm
SHA-256: 43f352dcb7f87d5b59007a34162ff74a196713c5ce223d8e7665ac78edb44144
libtiff-debuginfo-4.4.0-7.el9.ppc64le.rpm
SHA-256: 4b55511a54b4a785f8b1766aedd38e398ccb40f622ecb6674135a86c7e302e8c
libtiff-debugsource-4.4.0-7.el9.ppc64le.rpm
SHA-256: e798f3af3062adfbaed4e4f9899461ba97671ecf757e525e7df72384ac2f3304
libtiff-devel-4.4.0-7.el9.ppc64le.rpm
SHA-256: 9e551f5e72cb093f3dfe5c5a9493c91477c7907dbf32a7ed8634fe65ce0d8a8d
libtiff-tools-debuginfo-4.4.0-7.el9.ppc64le.rpm
SHA-256: 384eb43cc3ef49c3b25bed34a7bc8451fa2079037cc02ae8b89f72ea691fa7ba
Red Hat Enterprise Linux for ARM 64 9
SRPM
libtiff-4.4.0-7.el9.src.rpm
SHA-256: 2b2dc780c581638b605bfecda0051cda15bc76b48f6908b6d25b5ecb22eb8e33
aarch64
libtiff-4.4.0-7.el9.aarch64.rpm
SHA-256: b533f2ab9a5a6eacd5280556b7a2a2b83542dde5640373e9c06e4f148fa8d6d0
libtiff-debuginfo-4.4.0-7.el9.aarch64.rpm
SHA-256: 11cc8d9c17a6a752d66d607028492d47870b78ff584621a708f785558d7522da
libtiff-debugsource-4.4.0-7.el9.aarch64.rpm
SHA-256: b1923ac488b0f21fb0fcb535293b94d6391296486c85ab7c0e3076dd80b3b7a6
libtiff-devel-4.4.0-7.el9.aarch64.rpm
SHA-256: 58258dba3c16d3e0c578923ab3ee698480e47511b1df7352844918513e12468b
libtiff-tools-debuginfo-4.4.0-7.el9.aarch64.rpm
SHA-256: 40c58a677b7105c9c58d592476bbb45da0ef1f37ab09df49940c9da8d0c86bc1
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
libtiff-debuginfo-4.4.0-7.el9.x86_64.rpm
SHA-256: 51438a843286ee67a5e672c026a2588e8aa7c5dbff1bf60300cdb07423377e36
libtiff-debugsource-4.4.0-7.el9.x86_64.rpm
SHA-256: d37daa4feba769ff2787293b79e7dee49933c0c1dc73ed6e89dc78a33c482d4e
libtiff-tools-4.4.0-7.el9.x86_64.rpm
SHA-256: 1becad7c1a411cb8cfee7f33e6d867b4e127f078f49ccced4c76eb5a9a410c45
libtiff-tools-debuginfo-4.4.0-7.el9.x86_64.rpm
SHA-256: 1aaeb08ff6223ea157e95c697fa2812903856a1cdba87ef8f48eafc885e5fcde
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
libtiff-debuginfo-4.4.0-7.el9.ppc64le.rpm
SHA-256: 4b55511a54b4a785f8b1766aedd38e398ccb40f622ecb6674135a86c7e302e8c
libtiff-debugsource-4.4.0-7.el9.ppc64le.rpm
SHA-256: e798f3af3062adfbaed4e4f9899461ba97671ecf757e525e7df72384ac2f3304
libtiff-tools-4.4.0-7.el9.ppc64le.rpm
SHA-256: 1208861f81120ede3a4d1849fda714f276bc192de40a25239e45edcf630e162d
libtiff-tools-debuginfo-4.4.0-7.el9.ppc64le.rpm
SHA-256: 384eb43cc3ef49c3b25bed34a7bc8451fa2079037cc02ae8b89f72ea691fa7ba
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
libtiff-debuginfo-4.4.0-7.el9.aarch64.rpm
SHA-256: 11cc8d9c17a6a752d66d607028492d47870b78ff584621a708f785558d7522da
libtiff-debugsource-4.4.0-7.el9.aarch64.rpm
SHA-256: b1923ac488b0f21fb0fcb535293b94d6391296486c85ab7c0e3076dd80b3b7a6
libtiff-tools-4.4.0-7.el9.aarch64.rpm
SHA-256: 09066ca57a80af7342be64df5301a9de379b7e344f15260a2db3d1276c26e4d6
libtiff-tools-debuginfo-4.4.0-7.el9.aarch64.rpm
SHA-256: 40c58a677b7105c9c58d592476bbb45da0ef1f37ab09df49940c9da8d0c86bc1
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
libtiff-debuginfo-4.4.0-7.el9.s390x.rpm
SHA-256: a7c1eda009fac2aa12456f0e59f16c704b69e95236aa19541125f1a2cc922c19
libtiff-debugsource-4.4.0-7.el9.s390x.rpm
SHA-256: 30cd37f244c8fad1f7750b585a75fa6151c906b53676d8de03fb87f38fd467d0
libtiff-tools-4.4.0-7.el9.s390x.rpm
SHA-256: a1cf8187011c73591381e82f0400604d2803d5bfc1914d1a4a1a21b20e5f5525
libtiff-tools-debuginfo-4.4.0-7.el9.s390x.rpm
SHA-256: ff2105f93b897b88300c108e3aae7424ec0f5b8618f9221de50c58328b367711
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Apple Security Advisory 10-25-2023-4 - macOS Sonoma 14.1 addresses bypass, code execution, spoofing, and use-after-free vulnerabilities.
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.
OpenShift API for Data Protection (OADP) 1.1.5 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in H...
Red Hat Security Advisory 2023-3813-01 - An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8.
An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4492: A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2...
Red Hat Security Advisory 2023-3664-01 - Release of Security Advisory for the OpenShift Jenkins image and Jenkins agent base image.
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. * CVE-2022-2880: A flaw was found in the golang package, where reques...
Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24534: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service. * CVE-2023-24536: A flaw was found in Golang Go, where it is vulnerable to a denial of service cause...
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.
Red Hat Security Advisory 2023-2883-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include integer overflow and out of bounds write vulnerabilities.
An update for libtiff is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3627: An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition. * CVE-2022-3970: An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt...
Ubuntu Security Notice 5841-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. This issue was only fixed in Ubuntu 14.04 ESM. It was discovered that LibTIFF was incorrectly accessing a data structure when processing data with the tiffcrop tool, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
Debian Linux Security Advisory 5333-1 - Several buffer overflow, divide by zero or out of bounds read/write vulnerabilities were discovered in tiff, the Tag Image File Format (TIFF) library and tools, which may cause denial of service when processing a crafted TIFF image.
Ubuntu Security Notice 5743-2 - USN-5743-1 fixed a vulnerability in LibTIFF. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
Ubuntu Security Notice 5743-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
Ubuntu Security Notice 5705-1 - Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted image file and potentially use this issue to allow for information disclosure or to cause the application to crash. It was discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted tiff file and potentially use this issue to cause a denial of service.
Ubuntu Security Notice 5705-1 - Chintan Shah discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted image file and potentially use this issue to allow for information disclosure or to cause the application to crash. It was discovered that LibTIFF incorrectly handled memory in certain conditions. An attacker could trick a user into processing a specially crafted tiff file and potentially use this issue to cause a denial of service.
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b.
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.
LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact