Lucene search

K
rosalinuxROSA LABROSA-SA-2024-2338
HistoryFeb 06, 2024 - 8:15 a.m.

Advisory ROSA-SA-2024-2338

2024-02-0608:15:12
ROSA LAB
abf.rosalinux.ru
21
libtiff 4.0.9
rosa virtualization 2.1
pointer dereferencing errors
buffer overflow
insufficient input validation
denial of service
data compromise

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.8%

Software: libtiff 4.0.9
OS: ROSA Virtualization 2.1

package_evr_string: libtiff-4.0.9-28.rv3.src.rpm

CVE-ID: CVE-2022-0561
BDU-ID: 2022-05790
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the TIFFFetchStripThing() function of the tif_dirread.c component of the LibTIFF library is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted TIFF file
CVE-STATUS: Fixed
CVE-REV: To close, run yum update libtiff

CVE-ID: CVE-2022-0562
BDU-ID: 2022-05758
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the TIFFReadDirectory() function of the tif_dirread.c component of the LibTIFF library is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted TIFF file
CVE-STATUS: Fixed
CVE-REV: To close, run yum update libtiff

CVE-ID: CVE-2022-0891
BDU-ID: 2022-05792
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the ExtractImageSection function of the tiffcrop.c component of the LibTIFF library is related to writing beyond buffer boundaries. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data and cause a denial of service using a specially crafted TIFF image
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libtiff command

CVE-ID: CVE-2022-1355
BDU-ID: 2023-09082
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the main() function of the tiffcp.c component of the LibTIFF library is related to a buffer overflow on the stack. Exploitation of the vulnerability could allow an attacker to compromise data integrity as well as cause a denial of service with a specially crafted TIFF file
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libtiff command

CVE-ID: CVE-2022-2867
BDU-ID: 2023-05415
CVE-Crit: N/A
CVE-DESC.: A vulnerability in the tiffcrop utility of the libtiff library is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libtiff command

CVE-ID: CVE-2022-2868
BDU-ID: 2023-05420
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability exists in the tiffcrop utility due to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libtiff command

CVE-ID: CVE-2022-2869
BDU-ID: 2023-05416
CVE-Crit: N/A
CVE-DESC.: A vulnerability in the tiffcrop utility of the libtiff library is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libtiff command

CVE-ID: CVE-2022-3970
BDU-ID: 2022-06974
CVE-Crit: N/A
CVE-DESC.: A vulnerability in the TIFFReadRGBATileExt() function (libtiff/tif_getimage.c) of the LibTIFF library involves an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libtiff command

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchlibtiff< 4.0.9UNKNOWN

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.8%