
Moderate: libtiff security update

Description

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)
* libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)
* libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c (CVE-2022-2867)
* libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits() (CVE-2022-2869)
* libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)
* libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)
* libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)
* libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits() (CVE-2022-2868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.


Affected Package


OS OS Version Package Name Package Version
almalinux 8 libtiff-devel 4.0.9-26.el8_7
almalinux 8 libtiff 4.0.9-26.el8_7
almalinux 8 libtiff-tools 4.0.9-26.el8_7
