Moderate: libtiff security update

🗓️ 15 Nov 2022 00:00:00Reported by AlmaLinuxType

almalinux

almalinux🔗 errata.almalinux.org👁 65 Views

libtiff security update fixing multiple vulnerabilities including Denial of Service and stack buffer overflo

Reporter	Title	Published	Views	Family All 610
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF004 (June 2025)	2 Jul 202507:00	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities	3 Jun 202511:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0924	1 Dec 202217:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF	30 Jan 202316:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF	30 Jan 202316:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0562	1 Dec 202217:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to CVE-2022-0891	1 Dec 202217:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF	27 Feb 202315:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to CVE-2022-1355	1 Dec 202217:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-22844	1 Dec 202217:34	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
almalinux	9	i686	libtiff	4.4.0-2.el9	libtiff-4.4.0-2.el9.i686.rpm
almalinux	9	i686	libtiff-devel	4.4.0-2.el9	libtiff-devel-4.4.0-2.el9.i686.rpm
almalinux	9	ppc64le	libtiff-devel	4.4.0-2.el9	libtiff-devel-4.4.0-2.el9.ppc64le.rpm
almalinux	9	ppc64le	libtiff	4.4.0-2.el9	libtiff-4.4.0-2.el9.ppc64le.rpm
almalinux	9	aarch64	libtiff-devel	4.4.0-2.el9	libtiff-devel-4.4.0-2.el9.aarch64.rpm
almalinux	9	aarch64	libtiff	4.4.0-2.el9	libtiff-4.4.0-2.el9.aarch64.rpm
almalinux	9	x86_64	libtiff-devel	4.4.0-2.el9	libtiff-devel-4.4.0-2.el9.x86_64.rpm
almalinux	9	x86_64	libtiff	4.4.0-2.el9	libtiff-4.4.0-2.el9.x86_64.rpm
almalinux	9	s390x	libtiff-devel	4.4.0-2.el9	libtiff-devel-4.4.0-2.el9.s390x.rpm
almalinux	9	s390x	libtiff	4.4.0-2.el9	libtiff-4.4.0-2.el9.s390x.rpm

Source	Link
access	www.access.redhat.com/errata/RHSA-2022:8194
access	www.access.redhat.com/security/cve/CVE-2022-0561
access	www.access.redhat.com/security/cve/CVE-2022-0562
access	www.access.redhat.com/security/cve/CVE-2022-0865
access	www.access.redhat.com/security/cve/CVE-2022-0891
access	www.access.redhat.com/security/cve/CVE-2022-0908
access	www.access.redhat.com/security/cve/CVE-2022-0909
access	www.access.redhat.com/security/cve/CVE-2022-0924
access	www.access.redhat.com/security/cve/CVE-2022-1354
access	www.access.redhat.com/security/cve/CVE-2022-1355

18 Nov 2022 03:47Current

7.4High risk

Vulners AI Score7.4

CVSS 25.8

CVSS 3.17.1 - 7.7

EPSS0.01542

libtiff security fix denial of service heap buffer overflow out-of-bounds read stack-buffer-overflow cve-2022-0561 cve-2022-0562 cve-2022-0865 cve-2022-0924 cve-2022-1355 cve-2022-22844 cve-2022-0891 cve-2022-0908 cve-2022-0909 cve-2022-1354