Univention Bugzilla – Bug 55589
tiff: Multiple issues (5.0)
Last modified: 2023-01-25 12:47:57 CET
New Debian tiff 4.1.0+git191117-2~deb10u5 fixes: This update addresses the following issues: * heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c (CVE-2022-1354) * stack-buffer-overflow in tiffcp.c in main() (CVE-2022-1355) * LibTiff: DoS from Divide By Zero Error (CVE-2022-2056) * LibTiff: DoS from Divide By Zero Error (CVE-2022-2057) * LibTiff: DoS from Divide By Zero Error (CVE-2022-2058) * uint32_t underflow leads to out of bounds read and write in tiffcrop.c (CVE-2022-2867) * Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits() (CVE-2022-2868) * tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits() (CVE-2022-2869) * heap Buffer overflows in tiffcrop.c (CVE-2022-3570) * out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix (CVE-2022-3597) * out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c (CVE-2022-3598) * out-of-bounds read in writeSingleSection in tools/tiffcrop.c (CVE-2022-3599) * out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (CVE-2022-3626) * out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (CVE-2022-3627) * integer overflow in function TIFFReadRGBATileExt of the file (CVE-2022-3970) * A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit (CVE-2022-34526)
--- mirror/ftp/pool/main/t/tiff/tiff_4.1.0+git191117-2~deb10u4.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/tiff_4.1.0+git191117-2~deb10u5.dsc @@ -1,3 +1,44 @@ +4.1.0+git191117-2~deb10u5 [Tue, 17 Jan 2023 20:27:50 +0100] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2022-1354: A heap buffer overflow flaw was found in Libtiffs' + tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an + attacker to pass a crafted TIFF file to the tiffinfo tool, triggering + a heap buffer overflow issue and causing a crash that leads to a + denial of service. + * CVE-2022-1355: A stack buffer overflow flaw was found in Libtiffs' + tiffcp.c in main() function. This flaw allows an attacker to pass a + crafted TIFF file to the tiffcp tool, triggering a stack buffer + overflow issue, possibly corrupting the memory, and causing a crash + that leads to a denial of service. (Closes: #1011160) + * CVE-2022-2056, CVE-2022-2057, CVE-2022-2058: Divide By Zero error in + tiffcrop allows attackers to cause a denial-of-service via a crafted + tiff file. (Closes: #1014494) + * CVE-2022-2867, CVE-2022-2868, CVE-2022-2869: libtiff's tiffcrop + utility has underflow and input validation flaw that can lead to out + of bounds read and write. An attacker who supplies a crafted file to + tiffcrop (likely via tricking a user to run tiffcrop on it with + certain parameters) could cause a crash or in some cases, further + exploitation. + * CVE-2022-3570, CVE-2022-3598: multiple heap buffer overflows in + tiffcrop.c utility in libtiff allows attacker to trigger unsafe or out + of bounds memory access via crafted TIFF image file which could result + into application crash, potential information disclosure or any other + context-dependent impact (Closes: #1022555) + * CVE-2022-3597, CVE-2022-3626, CVE-2022-3627: out-of-bounds write, + allowing attackers to cause a denial-of-service via a crafted tiff + file. (Closes: #1022555) + * CVE-2022-3599: out-of-bounds read in writeSingleSection in + tools/tiffcrop.c, allowing attackers to cause a denial-of-service via + a crafted tiff file. (Closes: #1022555) + * CVE-2022-3970: affects the function TIFFReadRGBATileExt of the file + libtiff/tif_getimage.c. The manipulation leads to integer + overflow. (Closes: #1024737) + * CVE-2022-34526: a stack overflow was discovered in the _TIFFVGetField + function of Tiffsplit. This vulnerability allows attackers to cause a + Denial of Service (DoS) via a crafted TIFF file parsed by the + "tiffsplit" or "tiffcrop" utilities. + 4.1.0+git191117-2~deb10u4 [Sun, 13 Mar 2022 16:03:21 +0100] Laszlo Boszormenyi (GCS) <gcs@debian.org>: [ Thorsten Alteholz <debian@alteholz.de> ] <http://piuparts.knut.univention.de/5.0-2/#1329525224685890808>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-2] 9b5dd95cfd Bug #55589: tiff 4.1.0+git191117-2~deb10u5 doc/errata/staging/tiff.yaml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) [5.0-2] f16333908c Bug #55589: tiff 4.1.0+git191117-2~deb10u5 doc/errata/staging/tiff.yaml | 50 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x551>