Advisory ROSA-SA-2024-2338

Published: 2024-02-06 08:15:12
Vendor: ROSA LAB
Source: abf.rosalinux.ru
Tags: libtiff 4.0.9, rosa virtualization 2.1, pointer dereferencing errors, buffer overflow, insufficient input validation, denial of service, data compromise

CVSS v3.1: 8.8 High
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: Required; Scope: Unchanged
  Confidentiality Impact: High; Integrity Impact: High; Availability Impact: High

AI Score: 8 High (Confidence: High)

CVSS v2: 6.8 Medium
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
  Access Vector: Network; Access Complexity: Medium; Authentication: None
  Confidentiality Impact: Partial; Integrity Impact: Partial; Availability Impact: Partial

EPSS: 0.006 Low (Percentile: 78.8%)

Software: libtiff 4.0.9
OS: ROSA Virtualization 2.1

package_evr_string: libtiff-4.0.9-28.rv3.src.rpm

CVE-ID: CVE-2022-0561
BDU-ID: 2022-05790
CVE-Crit: MEDIUM
CVE-DESC: A NULL pointer dereference in the TIFFFetchStripThing() function of the tif_dirread.c component of the LibTIFF library. A remote attacker can cause a denial of service with a specially crafted TIFF file.
CVE-STATUS: Fixed
CVE-REV: To close, run: yum update libtiff

CVE-ID: CVE-2022-0562
BDU-ID: 2022-05758
CVE-Crit: MEDIUM
CVE-DESC: A NULL pointer dereference in the TIFFReadDirectory() function of the tif_dirread.c component of the LibTIFF library. A remote attacker can cause a denial of service with a specially crafted TIFF file.
CVE-STATUS: Fixed
CVE-REV: To close, run: yum update libtiff

CVE-ID: CVE-2022-0891
BDU-ID: 2022-05792
CVE-Crit: HIGH
CVE-DESC: A heap buffer overflow (access beyond buffer boundaries) in the ExtractImageSection() function of the tiffcrop.c component of the LibTIFF library. An attacker who can supply a specially crafted TIFF image to the tiffcrop tool can disclose sensitive data or cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run: yum update libtiff

CVE-ID: CVE-2022-1355
BDU-ID: 2023-09082
CVE-Crit: MEDIUM
CVE-DESC: A stack-based buffer overflow in the main() function of the tiffcp.c component of the LibTIFF library. An attacker who can supply a specially crafted TIFF file to the tiffcp tool can corrupt memory, compromising data integrity, and cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run: yum update libtiff

CVE-ID: CVE-2022-2867
BDU-ID: 2023-05415
CVE-Crit: N/A
CVE-DESC: An out-of-bounds memory read in the tiffcrop utility of the LibTIFF library. An attacker who can supply a crafted file to tiffcrop can cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run: yum update libtiff

CVE-ID: CVE-2022-2868
BDU-ID: 2023-05420
CVE-Crit: MEDIUM
CVE-DESC: Insufficient input validation in the tiffcrop utility of the LibTIFF library. An attacker who can supply a crafted file to tiffcrop can cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run: yum update libtiff

CVE-ID: CVE-2022-2869
BDU-ID: 2023-05416
CVE-Crit: N/A
CVE-DESC: An out-of-bounds memory read in the tiffcrop utility of the LibTIFF library. An attacker who can supply a crafted file to tiffcrop can cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run: yum update libtiff

CVE-ID: CVE-2022-3970
BDU-ID: 2022-06974
CVE-Crit: N/A
CVE-DESC: An integer overflow in the TIFFReadRGBATileExt() function (libtiff/tif_getimage.c) of the LibTIFF library. A remote attacker can cause a denial of service with a specially crafted file.
CVE-STATUS: Fixed
CVE-REV: To close, run: yum update libtiff

OS    Version  Architecture  Package  Version  Filename
ROSA  any      noarch        libtiff  < 4.0.9  UNKNOWN
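Verifying the remediation on a host means checking that every installed libtiff subpackage is at or above the EVR of the fixed build, and that is an rpm version comparison, not a string or float comparison: release 28.rv3 is newer than 9.rv3, and 4.0.9~rc1 is older than 4.0.9. The "< 4.0.9" column in the table above is coarser than the package_evr_string, because only the release part (28.rv3) distinguishes the patched rebuild from an unpatched 4.0.9. The following is an added example, not ROSA's own tooling: a Python port of the segment rules of rpm's rpmvercmp(), applied to the package_evr_string this advisory lists as the fixed build, and run over rpm -qa output. The rpm query format (%{NAME} %{EVR}), the subpackage names and the sample output are assumptions constructed for the example.

```python
"""Check installed libtiff packages against the fixed EVR from ROSA-SA-2024-2338.

Added example, not ROSA's tooling. The rpmvercmp() port follows rpm's
segment rules; the rpm -qa sample below is constructed, not captured.
"""


def _segment(s: str, i: int, pred) -> str:
    """Return the run of characters starting at s[i] for which pred() holds."""
    j = i
    while j < len(s) and pred(s[j]):
        j += 1
    return s[i:j]


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b.

    Numeric segments compare as integers, alpha segments as strings, a
    numeric segment beats an alpha one, '~' sorts before end-of-string
    (pre-release) and '^' sorts after end-of-string but before anything else.
    """
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything not alphanumeric, '~' or '^') are skipped.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        pred = str.isdigit if isnum else str.isalpha
        sa, sb = _segment(a, i, pred), _segment(b, j, pred)
        i, j = i + len(sa), j + len(sb)
        if not sb:                       # segment types differ: numeric is newer
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):       # more significant digits means larger
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1      # whichever still has characters wins


def parse_evr(evr: str):
    """Split 'epoch:version-release' into (epoch, version, release); epoch defaults to '0'."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return epoch or "0", version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare two EVR strings: epoch first, then version, then release."""
    for x, y in zip(parse_evr(a), parse_evr(b)):
        rc = rpmvercmp(x, y)
        if rc:
            return rc
    return 0


def fixed_evr_from_srpm(srpm: str):
    """'libtiff-4.0.9-28.rv3.src.rpm' -> ('libtiff', '4.0.9-28.rv3')."""
    base = srpm[:-len(".src.rpm")] if srpm.endswith(".src.rpm") else srpm
    name, version, release = base.rsplit("-", 2)
    return name, f"{version}-{release}"


FIXED_SRPM = "libtiff-4.0.9-28.rv3.src.rpm"   # package_evr_string from the advisory


def audit(rpm_qa_output: str, fixed_srpm: str = FIXED_SRPM) -> dict:
    """Map each installed libtiff subpackage to 'fixed' or 'vulnerable'.

    rpm_qa_output is the text of:  rpm -qa --qf '%{NAME} %{EVR}\\n' 'libtiff*'
    (query format assumed). Subpackages built from one SRPM share its EVR,
    so the fixed SRPM's EVR is the threshold for all of them.
    """
    name, fixed_evr = fixed_evr_from_srpm(fixed_srpm)
    result = {}
    for line in rpm_qa_output.splitlines():
        if not line.strip():
            continue
        pkg, evr = line.split()
        if pkg != name and not pkg.startswith(name + "-"):
            continue
        result[pkg] = "fixed" if evr_cmp(evr, fixed_evr) >= 0 else "vulnerable"
    return result


# Constructed sample output (assumed subpackage names, not a real ROSA host).
SAMPLE_RPM_QA = """\
libtiff 4.0.9-27.rv3
libtiff-devel 4.0.9-27.rv3
libtiff-tools 4.0.9-28.rv3
"""

if __name__ == "__main__":
    for pkg, state in audit(SAMPLE_RPM_QA).items():
        print(f"{pkg:16} {state}")
```

Two caveats when using this after yum update libtiff: the library is replaced on disk, but any process that already mapped the old libtiff.so keeps running the unpatched code until it is restarted, so an EVR check alone does not prove the fix is in effect; and tiffcrop and tiffcp are command-line tools, so the tiffcrop.c and tiffcp.c issues above only matter where untrusted TIFF files reach those tools, for example in an automated image-conversion pipeline.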
