Univention Bugzilla – Bug 54595
tiff: Multiple issues (5.0)
Last modified: 2022-03-30 12:41:34 CEST
New Debian tiff 4.1.0+git191117-2~deb10u4 fixes: This update addresses the following issues: * Denial of Service via crafted TIFF file (CVE-2022-0561) * Null source pointer lead to Denial of Service via crafted TIFF file (CVE-2022-0562) * reachable assertion (CVE-2022-0865) * heap buffer overflow in extractImageSection (CVE-2022-0891) * NULL Pointer Dereference in tiffcrop (CVE-2022-0907) * Null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() in tif_dirread.c (CVE-2022-0908) * Divide By Zero error in tiffcrop (CVE-2022-0909) * Out-of-bounds Read error in tiffcp (CVE-2022-0924) * out-of-bounds read in _TIFFmemcpy() in tif_unix.c (CVE-2022-22844)
--- mirror/ftp/pool/main/t/tiff/tiff_4.1.0+git191117-2~deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/tiff_4.1.0+git191117-2~deb10u4.dsc @@ -1,3 +1,31 @@ +4.1.0+git191117-2~deb10u4 [Sun, 13 Mar 2022 16:03:21 +0100] Laszlo Boszormenyi (GCS) <gcs@debian.org>: + + [ Thorsten Alteholz <debian@alteholz.de> ] + * CVE-2022-22844 + out-of-bounds read in _TIFFmemcpy in certain situations involving a + custom tag and 0x0200 as the second word of the DE field. + * CVE-2022-0562 + Null source pointer passed as an argument to memcpy() function within + TIFFReadDirectory(). This could result in a Denial of Service via + crafted TIFF files. + * CVE-2022-0561 + Null source pointer passed as an argument to memcpy() function within + TIFFFetchStripThing(). This could result in a Denial of Service via + crafted TIFF files. + + [ Laszlo Boszormenyi (GCS) <gcs@debian.org> ] + * Backport security fix for CVE-2022-0865, crash when reading a file with + multiple IFD in memory-mapped mode and when bit reversal is needed. + * Backport security fix for CVE-2022-0908, null source pointer passed as an + argument to memcpy() function within TIFFFetchNormalTag(). + * Backport security fix for CVE-2022-0907, unchecked return value to null + pointer dereference in tiffcrop. + * Backport security fix for CVE-2022-0909, divide by zero error in + tiffcrop. + * Backport security fix for CVE-2022-0891, heap buffer overflow in + ExtractImageSection function in tiffcrop. + * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. + 4.1.0+git191117-2~deb10u3 [Sun, 31 Oct 2021 09:31:11 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/5.0-1/#1329525224684808283>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-1] 4e83f61441 Bug #54595: tiff 4.1.0+git191117-2~deb10u4 doc/errata/staging/tiff.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) [5.0-1] 8378a14251 Bug #54595: tiff 4.1.0+git191117-2~deb10u4 doc/errata/staging/tiff.yaml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x274>