
Advisory ROSA-SA-2023-2264

Date: 2023-10-22 05:35:45
Source: ROSA LAB (abf.rosalinux.ru)
Tags: libtiff, rosa-chrome, vulnerability, tiffcrop, tiffreadrgbatileext(), medium, critical

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7 High (Confidence: High)
EPSS: 0.003 Low (Percentile: 68.3%)

software: libtiff 4.1.0
OS: ROSA-CHROME

package_evr_string: libtiff-4.1.0-4.src.rpm

CVE-ID: CVE-2022-2868
BDU-ID: 2023-00296
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the tiffcrop utility exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update libtiff

CVE-ID: CVE-2022-2869
BDU-ID: 2023-05416
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the tiffcrop utility of the libtiff library is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update libtiff

CVE-ID: CVE-2022-3570
BDU-ID: 2023-05421
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the tiffcrop utility of the libtiff library is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update libtiff

CVE-ID: CVE-2022-3970
BDU-ID: 2022-06974
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the TIFFReadRGBATileExt() function (libtiff/tif_getimage.c) of the LibTIFF library involves an integer overflow. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using a specially crafted file.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update libtiff

OS | Version | Architecture | Package | Version | Filename
ROSA | any | noarch | libtiff | < 4.1.0 | UNKNOWN
