Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rockyRockylinux Product ErrataRLSA-2023:0302
HistoryJan 23, 2023 - 2:29 p.m.

libtiff security update

2023-01-2314:29:57
Rockylinux Product Errata
errata.rockylinux.org
13

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

67.5%

JSON

An update is available for libtiff.
This update affects Rocky Linux 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

  • LibTiff: DoS from Divide By Zero Error (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058)

  • libtiff: Double free or corruption in rotateImage() function at tiffcrop.c (CVE-2022-2519)

  • libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c (CVE-2022-2953)

  • libtiff: Assertion fail in rotateImage() function at tiffcrop.c (CVE-2022-2520)

  • libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c (CVE-2022-2521)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky9x86_64libtiff< 4.4.0-5.el9_1libtiff-0:4.4.0-5.el9_1.x86_64.rpm
rocky9aarch64libtiff< 4.4.0-5.el9_1libtiff-0:4.4.0-5.el9_1.aarch64.rpm
rocky9i686libtiff< 4.4.0-5.el9_1libtiff-0:4.4.0-5.el9_1.i686.rpm
rocky9ppc64lelibtiff< 4.4.0-5.el9_1libtiff-0:4.4.0-5.el9_1.ppc64le.rpm
rocky9s390xlibtiff< 4.4.0-5.el9_1libtiff-0:4.4.0-5.el9_1.s390x.rpm
rocky9aarch64libtiff-debuginfo< 4.4.0-5.el9_1libtiff-debuginfo-0:4.4.0-5.el9_1.aarch64.rpm
rocky9ppc64lelibtiff-debuginfo< 4.4.0-5.el9_1libtiff-debuginfo-0:4.4.0-5.el9_1.ppc64le.rpm
rocky9s390xlibtiff-debuginfo< 4.4.0-5.el9_1libtiff-debuginfo-0:4.4.0-5.el9_1.s390x.rpm
rocky9x86_64libtiff-debuginfo< 4.4.0-5.el9_1libtiff-debuginfo-0:4.4.0-5.el9_1.x86_64.rpm
rocky9aarch64libtiff-debugsource< 4.4.0-5.el9_1libtiff-debugsource-0:4.4.0-5.el9_1.aarch64.rpm
Rows per page:
1-10 of 261

Related

oraclelinux 2
nessus 47
redhat 5
almalinux 2
osv 15
openvas 34
rocky 1
fedora 2
suse 3
photon 8
mageia 2
ibm 5
altlinux 1
slackware 1
debian 2
ubuntu 2
cloudfoundry 2
prion 7
redhatcve 7
alpinelinux 7
veracode 7
ubuntucve 7
cve 7
cbl_mariner 8
debiancve 7
cnvd 5
amazon 3
oraclelinux
oraclelinux
libtiff security update
2023-01-24 00:00:00
libtiff security update
2023-01-12 00:00:00
nessus
nessus
Rocky Linux 9 : libtiff (RLSA-2023:0302)
2023-11-07 00:00:00
Oracle Linux 9 : libtiff (ELSA-2023-0302)
2023-01-24 00:00:00
AlmaLinux 9 : libtiff (ALSA-2023:0302)
2023-01-25 00:00:00
redhat
redhat
(RHSA-2023:0302) Moderate: libtiff security update
2023-01-23 14:29:57
(RHSA-2023:0095) Moderate: libtiff security update
2023-01-12 08:25:25
(RHSA-2023:1286) Important: Migration Toolkit for Runtimes security bug fix and enhancement update
2023-03-16 07:48:59
almalinux
almalinux
Moderate: libtiff security update
2023-01-23 00:00:00
Moderate: libtiff security update
2023-01-12 00:00:00
osv
osv
Moderate: libtiff security update
2023-01-23 14:29:57
Moderate: libtiff security update
2023-01-23 00:00:00
Moderate: libtiff security update
2023-01-12 08:25:25
openvas
openvas
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-1170)
2023-01-12 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2022-2825)
2022-12-22 00:00:00
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2022-2850)
2022-12-22 00:00:00
rocky
rocky
libtiff security update
2023-01-12 08:25:25
fedora
fedora
[SECURITY] Fedora 35 Update: libtiff-4.4.0-2.fc35
2022-07-21 17:10:19
[SECURITY] Fedora 36 Update: libtiff-4.4.0-2.fc36
2022-07-15 01:17:10
suse
suse
Security update for tiff (low)
2022-09-01 00:00:00
Security update for tiff (low)
2022-08-03 00:00:00
Security update for tiff (important)
2022-10-21 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2022-0421
2022-07-14 00:00:00
Moderate Photon OS Security Update - PHSA-2022-0496
2022-07-13 00:00:00
Moderate Photon OS Security Update - PHSA-2022-3.0-0421
2022-07-14 00:00:00
mageia
mageia
Updated libtiff packages fix security vulnerability
2022-07-26 00:41:46
Updated libtiff packages fix security vulnerability
2022-11-08 22:44:28
ibm
ibm
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2023-02-27 15:06:29
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF
2023-05-02 20:42:17
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-02-24 19:49:04
altlinux
altlinux
Security fix for the ALT Linux 10 package libtiff version 4.4.0-alt2
2022-12-27 00:00:00
slackware
slackware
[slackware-security] libtiff
2023-01-04 02:19:46
debian
debian
[SECURITY] [DSA 5333-1] tiff security update
2023-01-29 12:55:02
[SECURITY] [DLA 3278-1] tiff security update
2023-01-20 22:37:38
ubuntu
ubuntu
LibTIFF vulnerabilities
2022-09-20 00:00:00
LibTIFF vulnerabilities
2022-11-08 00:00:00
cloudfoundry
cloudfoundry
USN-5619-1: LibTIFF vulnerabilities | Cloud Foundry
2022-09-29 00:00:00
USN-5714-1: LibTIFF vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
prion
prion
Input validation
2022-06-30 16:15:00
Input validation
2022-08-31 16:15:00
Input validation
2022-06-30 16:15:00
redhatcve
redhatcve
CVE-2022-2057
2022-07-01 17:56:18
CVE-2022-2056
2022-07-01 17:56:18
CVE-2022-2520
2022-08-30 20:15:43
alpinelinux
alpinelinux
CVE-2022-2057
2022-06-30 16:15:00
CVE-2022-2056
2022-06-30 16:15:00
CVE-2022-2520
2022-08-31 16:15:00
veracode
veracode
Denial Of Service (DoS)
2022-07-01 11:38:02
Denial Of Service (DoS)
2022-07-01 09:27:56
Denial Of Service (DoS)
2022-09-01 05:51:24
ubuntucve
ubuntucve
CVE-2022-2520
2022-08-31 00:00:00
CVE-2022-2056
2022-06-30 00:00:00
CVE-2022-2521
2022-08-31 00:00:00
cve
cve
CVE-2022-2057
2022-06-30 16:15:00
CVE-2022-2056
2022-06-30 16:15:00
CVE-2022-2520
2022-08-31 16:15:00
cbl_mariner
cbl_mariner
CVE-2022-2057 affecting package libtiff 4.4.0-1
2022-11-30 04:44:03
CVE-2022-2058 affecting package libtiff 4.4.0-1
2022-11-24 00:45:37
CVE-2022-2056 affecting package libtiff 4.4.0-1
2022-08-03 21:15:00
debiancve
debiancve
CVE-2022-2056
2022-06-30 16:15:00
CVE-2022-2520
2022-08-31 16:15:00
CVE-2022-2057
2022-06-30 16:15:00
cnvd
cnvd
Denial of Service vulnerability in the rotateImage function in LibTIFF tiffcrop.c:8621
2022-09-02 00:00:00
LibTIFF Information Disclosure Vulnerability (CNVD-2023-49828)
2022-07-04 00:00:00
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72100)
2022-09-02 00:00:00
amazon
amazon
Low: libtiff
2023-05-25 17:41:00
Medium: libtiff
2023-08-17 11:58:00
Medium: libtiff
2023-09-13 23:44:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

67.5%

JSON
Related for RLSA-2023:0302
oraclelinux2nessus47redhat5almalinux2osv15openvas34rocky1fedora2suse3photon8mageia2ibm5altlinux1slackware1debian2ubuntu2cloudfoundry2prion7redhatcve7alpinelinux7veracode7ubuntucve7cve7cbl_mariner8debiancve7cnvd5amazon3