Medium: libtiff

🗓️ 27 Apr 2022 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 156 Views

Vulnerabilities in libtiff can lead to remote denial of service and arbitrary code executio

Reporter	Title	Published	Views	Family All 710
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF	17 Dec 202104:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0924	1 Dec 202217:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF	30 Jan 202316:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF	30 Jan 202316:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-22844	1 Dec 202217:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0908	1 Dec 202217:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	2 Feb 202303:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF	30 Jan 202316:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0561	1 Dec 202217:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to CVE-2022-0909	1 Dec 202217:24	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	libtiff	4.0.3-35.amzn2.0.1	libtiff-4.0.3-35.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	libtiff	4.0.3-35.amzn2.0.1	libtiff-4.0.3-35.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	libtiff	4.0.3-35.amzn2.0.1	libtiff-4.0.3-35.amzn2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	libtiff-debuginfo	4.0.3-35.amzn2.0.1	libtiff-debuginfo-4.0.3-35.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	libtiff-debuginfo	4.0.3-35.amzn2.0.1	libtiff-debuginfo-4.0.3-35.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	libtiff-debuginfo	4.0.3-35.amzn2.0.1	libtiff-debuginfo-4.0.3-35.amzn2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	libtiff-devel	4.0.3-35.amzn2.0.1	libtiff-devel-4.0.3-35.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	libtiff-devel	4.0.3-35.amzn2.0.1	libtiff-devel-4.0.3-35.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	libtiff-devel	4.0.3-35.amzn2.0.1	libtiff-devel-4.0.3-35.amzn2.0.1.x86_64.rpm
Amazon Linux	2	aarch64	libtiff-static	4.0.3-35.amzn2.0.1	libtiff-static-4.0.3-35.amzn2.0.1.aarch64.rpm

27 Apr 2022 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 26.8

CVSS 35.5

CVSS 3.17.7 - 7.8

EPSS0.00585

libtiff vulnerability denial of service arbitrary code execution memory allocation integer overflow buffer overflow heap-based remote attackers